"XSS Vulnerabilities Found in WordPress Plugin Slider Revolution"

Security researchers at Patstack conducted a security audit recently of the Slider Revolution plugin and uncovered two significant vulnerabilities that could compromise the security of WordPress websites. Slider Revolution is a widely used premium plugin with over 9 million active users.  It was found to have an unauthenticated stored XSS vulnerability.  This flaw could allow unauthorized users to steal sensitive information and escalate privileges on WordPress sites with a single HTTP request.  The researchers noted that the vulnerability stemmed from inadequate input sanitization and output escaping in the code handling user input for slider parameters.   Additionally, a broken access control issue in one of the plugin's REST API endpoints enabled unauthenticated users to update slider data.  By exploiting both vulnerabilities, researchers were able to achieve unauthenticated stored XSS.  The researchers noted that the plugin's primary vulnerability, the unauthenticated broken access control (CVE-2024-34444), was addressed in version 6.7.0.  The authenticated stored XSS issue (CVE-2024-34443) was fully resolved in version 6.7.11.  The vendor removed the affected REST API endpoint entirely and applied proper sanitization and escaping to mitigate the XSS risk.

Infosecurity Magazine reports: "XSS Vulnerabilities Found in WordPress Plugin Slider Revolution"