WordPress Plugin Vulnerabilities

Royal Slider <= 3.2.6 - Authenticated Cross-Site Scripting (XSS)

Description

The vulnerability exists due to insufficient sanitation of user-supplied data in "rstype" HTTP GET parameter when creating / editing a slider.

A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.

Proof of Concept

http://www.example.com/wp-admin/admin.php?page=new_royalslider&action=edit&rstype="><script>alert(String.fromCharCode(88,83,83))</script>

Affects Plugins

Plugin icon
royal-slider
Fixed in 3.2.7

References

CVE
CVE-2015-9412
URL
http://dimsemenov.com/plugins/royal-slider/wordpress/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
Gerard Arall
Submitter website
https://github.com/arall
Verified
No
WPVDB ID
8b65602d-7b97-4c59-a76c-ffbf84b454ca

Timeline

Publicly Published
2015-09-12 (about 8 years ago)
Added
2015-09-13 (about 8 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2018-11-07
Title
Better WordPress reCAPTCHA <= 2.0.3 - Unauthenticated Cross-Site Scripting (XSS)
Published
2022-07-29
Title
Floating Div <= 3.0 - Author+ Stored Cross-Site Scripting
Published
2018-05-28
Title
Email Subscribers & Newsletters < 3.5.0 - Cross-Site Scripting (XSS)
Published
2021-10-15
Title
MPL-Publisher - Self-publish your book & ebook < 1.30.4 - Admin+ Stored Cross-Site Scripting
Published
2024-04-30
Title
Ultimate Under Construction < 1.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting