CVE-2021-24196 Social Slider Widget < 1.8.5 - Reflected XSS
- Plugin Page: https://wordpress.org/plugins/instagram-slider-widget
- Tested Version: 1.8.4
- Patched Version: 1.8.5
- Installs: 90000+
In the plugin settings page, the user input ‘token_error’ parameter is directly echoed without being sanitized. This allows an attacker to deliver malicious content to the vulnerable page via a reflected XSS attack.
Here’s the POC:
When the server responds, the injected payloads are executed by the victim’s browser.
The vulnerability requires user interaction e.g. clicking a crafted link and only affects the WordPress administrators who are accessible to the plugin settings page (/wp-admin/admin.php?page=settings-wisw). The vendor has fixed the flaw with sanitization in 1.8.5.
2021-01-12 Report to WordPress Plugin Review team
2021-01-13 Review team confirmed the issue and reported to vendor
2021-01-14 Vendor released 1.8.5 to fix the flaw
2021-01-21 Contacted the developer via email for publishing the issues. No further response
2021-03-14 Public disclosure
2021-03-17 Reported to wpscan and reserved CVE-2021-24196