Logo Slider WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Logo Slider WordPress plugin, affecting versions prior to 4.9.0. The issue arises because the plugin fails to properly validate and escape certain slider options before displaying them in the dashboard. This flaw enables users with contributor roles and above to inject malicious scripts that are executed when the content is viewed.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the content.

Reproduction

To reproduce this vulnerability, log in to WordPress as a contributor. Navigate to the Logo Slider tab and open the Shortcode Generator. Click 'Add New Slider' and enter a name for the slider. In the Carousel tab, scroll to the Navigation Settings and use the color picker to paste an XSS payload, such as a script that alerts document cookies. After submitting the slider, the JavaScript alert will trigger, demonstrating the successful execution of the injected script. This vulnerability can also be reproduced using other vulnerable Carousel fields that accept similar payloads.

Remediation

Users are advised to update the Logo Slider WordPress plugin to version 4.9.0 or later.