WordPress Plugin Smart Slider-3 - 'name' Stored Cross-Site Scripting (XSS)


# Exploit Title: WordPress Plugin Smart Slider-3 - 'name' Stored Cross-Site Scripting (XSS)
# Exploit Author: Hardik Solanki
# Date: 05/06/2021
# Software Link: https://wordpress.org/plugins/smart-slider-3/
# Version:
# Tested on Windows

*How to reproduce vulnerability:*

1. Install WordPress 5.7.2
2. Install and activate the "*Smart Slider 3*" Version plugin
3. Navigate to "*Dashboard*" and create a "*New Project*".
4. Enter the JavaScript payload "*<script>alert(document.cookie)</script>*" into the "*Name*" field.
5. You will observe that the project has been created with the malicious JavaScript payload "<script>alert(document.cookie)</script>"; the project has been *created/stored*, and thus the JavaScript payload is executing.
1: Steal the cookie
2: User redirection to a malicious website
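
The steps above show a project "Name" being stored and then executing as script when it is displayed. The following is an added example, not code from the plugin or from the advisory: it shows the unencoded output pattern beside an encoded one, plus a check for stored names that already contain markup. All function names and sample rows are hypothetical and constructed; in WordPress code, esc_html() and sanitize_text_field() are the usual equivalents of the plain PHP calls used here.

```php
<?php
// Added example: plain PHP, hypothetical function names, not Smart Slider 3 code.

// Vulnerable pattern: the stored name is concatenated into HTML unchanged,
// so any markup in it is parsed by the browser.
function render_project_name_unsafe(string $name): string {
    return '<h2 class="project-name">' . $name . '</h2>';
}

// Hardened output: encode HTML metacharacters at the point of output.
// WordPress equivalent: esc_html($name).
function render_project_name_safe(string $name): string {
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2 class="project-name">' . $encoded . '</h2>';
}

// Input-side cleanup before storage (defence in depth, not a replacement
// for output encoding). WordPress equivalent: sanitize_text_field($name).
function sanitize_project_name(string $name): string {
    $name = strip_tags($name);
    $name = (string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $name);
    return trim($name);
}

// Audit helper: return the rows whose stored name contains a tag opener,
// so names saved before the fix can be reviewed and cleaned.
function find_names_with_markup(array $rows): array {
    return array_filter($rows, function (string $name): bool {
        return preg_match('/<\s*[a-z!\/]/i', $name) === 1;
    });
}

// Constructed sample data: project id => stored name.
$rows = [
    1 => 'Homepage slider',
    2 => '<script>alert(document.cookie)</script>', // payload from the steps above
    3 => 'Sale & Promo 2021',
];

foreach ($rows as $id => $name) {
    echo "id $id unsafe:    " . render_project_name_unsafe($name) . PHP_EOL;
    echo "id $id safe:      " . render_project_name_safe($name) . PHP_EOL;
    echo "id $id sanitized: " . sanitize_project_name($name) . PHP_EOL;
}

echo 'ids to review: ' . implode(', ', array_keys(find_names_with_markup($rows))) . PHP_EOL;
```

With the encoded version, row 2 is emitted as `&lt;script&gt;...` and displayed as text, and the audit helper reports only id 2.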