wpexploit | Dmitrii Ignatyev | WPEX-ID:7A2C173C-19E3-4F48-B3AF-14790B5B8E94
Apr 05, 2024 - 12:00 a.m.

WP Google Review Slider < 13.6 - Admin+ Stored XSS

Tags: wordpress, google review slider, xss, vulnerability, exploit, admin

AI Score: 5.7 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 8.9%)

Description

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

1. Go to "WP Google Reviews > Templates" and click on "Add New Reviews Template"
2. Save the settings and intercept the request.
3. Change the `wprevpro_template_misc_bgcolor1` parameter to `#asd"onmouseover=alert(112312)//`
4. Reload the template, select the BG color, and mouse over it to see the XSS
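
The root cause named in the description, shown as an added example rather than the plugin's code or its actual fix: a colour setting validated on save and escaped on output. It assumes the stored value is rendered into a quoted HTML attribute; the `example_*` helpers are hypothetical stand-ins for WordPress's `sanitize_hex_color()` and `esc_attr()`.

```php
<?php
// Added illustration: not the plugin's code. The rendering context (a quoted
// HTML attribute) is an assumption based on the payload shown in the steps.

// Accept only #rgb or #rrggbb; anything else falls back to a default.
// \z (not $) so a trailing newline cannot slip past the check.
function example_sanitize_hex_color(string $value, string $default = '#ffffff'): string
{
    return preg_match('/^#(?:[0-9a-fA-F]{3}){1,2}\z/', $value) === 1 ? $value : $default;
}

// Escape for a quoted attribute; in WordPress this role is played by esc_attr().
function example_esc_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the stored value is concatenated into the attribute as-is.
function example_render_unsafe(string $stored): string
{
    return '<input type="text" name="wprevpro_template_misc_bgcolor1" value="' . $stored . '">';
}

// Hardened pattern: escape at output, even if the stored value was validated.
function example_render_safe(string $stored): string
{
    return '<input type="text" name="wprevpro_template_misc_bgcolor1" value="'
        . example_esc_attr($stored) . '">';
}

$submitted = '#asd"onmouseover=alert(112312)//'; // value from step 3 above

// 1. Unsafe: the double quote closes value="" and the rest becomes a new attribute.
echo example_render_unsafe($submitted), PHP_EOL;

// 2. Escaping only: the quote is entity-encoded, so the text stays inside value="".
echo example_render_safe($submitted), PHP_EOL;

// 3. Validation on save plus escaping on output: the bad value is never stored.
$stored = example_sanitize_hex_color($submitted);
echo example_render_safe($stored), PHP_EOL;

// A legitimate colour passes validation unchanged.
echo example_render_safe(example_sanitize_hex_color('#1a2B3c')), PHP_EOL;
```

Both controls matter here because the capability check (`unfiltered_html`) does not apply to this setting: validation keeps bad data out of the database, and output escaping protects against values that were stored before the validation existed.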
