WP Airbnb Review Slider Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting (XSS) vulnerability has been identified in the WP Airbnb Review Slider plugin for WordPress, affecting all versions prior to 4.3. The issue arises from inadequate validation of a URL entered in the plugin's admin settings, which allows content from a malicious HTML file to be introduced. Authenticated attackers with administrator-level permissions can use this to inject arbitrary web scripts into pages, and the scripts execute whenever the injected page is accessed. The vulnerability is present in multi-site installations and in installations where unfiltered_html is disabled, the configurations in which WordPress does not otherwise let administrators post unfiltered HTML.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page, potentially leading to session hijacking or administrative account compromise.

Reproduction

To reproduce this vulnerability, an authenticated user with administrator privileges can navigate to the WP Airbnb Review Slider plugin settings. Here, they can input a URL that points to a crafted HTML page containing malicious scripts. Once the URL is saved, the plugin fetches the content from the URL, stores it in the database, and writes a file to the server. The injected scripts are then executed when the page is accessed.

Remediation

Users are advised to update the WP Airbnb Review Slider plugin to version 4.4 or later.
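
The flaw described above comes from fetching and storing content from a URL that was not adequately validated. The following is an added example, not the plugin's code or its actual patch, showing one way a plugin author could restrict the source URL and treat fetched text as untrusted; the function names, the allowed host list and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from WP Airbnb Review Slider.
// Assumption: review pages are only ever expected on these exact hosts.
const ALLOWED_REVIEW_HOSTS = ['www.airbnb.com', 'airbnb.com'];

/** Return a normalized URL if it is an https link to an allowed host, else null. */
function validate_review_source_url(string $url): ?string
{
    $parts = parse_url(trim($url));
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Reject non-https schemes, embedded credentials and explicit ports.
    if (strtolower($parts['scheme']) !== 'https'
        || isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return null;
    }
    // Exact host match: a suffix or substring test would accept look-alike hosts.
    $host = strtolower(rtrim($parts['host'], '.'));
    if (!in_array($host, ALLOWED_REVIEW_HOSTS, true)) {
        return null;
    }
    $query = isset($parts['query']) ? '?' . $parts['query'] : '';
    return 'https://' . $host . ($parts['path'] ?? '/') . $query;
}

/** Reduce a fetched review field to plain text before it is stored. */
function clean_review_text(string $raw): string
{
    return trim((string) preg_replace('/\s+/', ' ', strip_tags($raw)));
}

/** Escape at output time so stored text is never interpreted as markup. */
function render_review(string $stored): string
{
    return '<p class="review">'
        . htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed sample inputs, for demonstration only.
$candidates = [
    'https://www.airbnb.com/rooms/12345',
    'https://untrusted.example/reviews.html',
    'https://www.airbnb.com@untrusted.example/x',
    'http://www.airbnb.com/rooms/12345',
];
foreach ($candidates as $c) {
    printf("%-45s %s\n", $c, validate_review_source_url($c) === null ? 'rejected' : 'accepted');
}
echo render_review(clean_review_text('Great stay <script>console.log(1)</script>')), "\n";
```

Inside WordPress, the same two steps map onto core helpers such as wp_http_validate_url() and wp_safe_remote_get() for the fetch, and esc_html() or wp_kses() for the output.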

Added: Nov 7, 2025, 6:21 AM
Updated: Nov 7, 2025, 6:21 AM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 4.2
exploitability: 6.0
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.