The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized
References
Link | Resource |
---|---|
https://purinechu.github.io/posts/social_slider_widget_reflected_xss/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/bb20d732-a5e4-4140-ab51-b2aa1a53db12 | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 03:31
Type | Values Removed | Values Added |
---|---|---|
Summary | The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is directly echoed without being sanitized |
Information
Published : 2021-04-05 19:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-24196
Mitre link : CVE-2021-24196
CVE.ORG link : CVE-2021-24196
JSON object : View
Products Affected
cm-wp
- social_slider_widget
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')