CVE-2021-24544
Responsive WordPress Slider <= 2.2.0 - Subscriber+ Stored Cross-Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by default any authenticated user is allowed to create Sliders (https://wordpress.org/support/topic/slider-can-be-changed-from-any-user-even-subscriber/, such settings can be changed in the plugin's settings), this would allow user with a role as low as subscriber to perform Cross-Site Scripting attacks against logged in admins viewing the slider list and could lead to privilege escalation by creating a rogue admin account for example.
El plugin Responsive WordPress Slider de WordPress versiones hasta 2.2.0, no sanea y escapa de algunas de las opciones del Slider, permitiendo que se establezcan cargas útiles de tipo Cross-Site Scripting en ellas. Además, como por defecto cualquier usuario autenticado puede crear Sliders (https://wordpress.org/support/topic/slider-can-be-changed-from-any-user-even-subscriber/, esta configuración puede ser cambiada en los ajustes del plugin), esto permitiría a usuarios con un rol tan bajo como el de suscriptor, llevar a cabo ataques de tipo Cross-Site Scripting contra los administradores registrados visualizando la lista de los sliders y podría conllevar a una escalada de privilegios al crear una cuenta de administrador falsa, por ejemplo
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-14 CVE Reserved
- 2021-09-21 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/4a2dddfc-6ce2-4edd-aaaa-4c130a9356d0 | 2024-08-03 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Motopress Search vendor "Motopress" | Motopress-slider-lite Search vendor "Motopress" for product "Motopress-slider-lite" | <= 2.2.0 Search vendor "Motopress" for product "Motopress-slider-lite" and version " <= 2.2.0" | wordpress |
Affected
|