WordPress Responsive Thumbnail Slider 1.0 - Stored Cross-Site Scripting (XSS) & CSRF
Description
The original advisory states that this vulnerability is exploitable with the editor and author roles, but this is incorrect: by default, only the administrator role can trigger it.

However, a CSRF weakness in the image upload form means a malicious actor without an administrator account can still exploit it.

Affects Plugin

References

URL https://cxsecurity.com/issue/WLB-2015080167

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Arash Khazaei
Submitter Twitter 0xClay
Views 4547
Verified Yes
WPVDB ID 8172

Timeline

Publicly Published 2015-08-28
Added 2015-09-02
Last Updated 2019-10-25
