Stored Cross-Site Scripting in Image Horizontal Reel Scroll Slideshow Plugin for WordPress
CVE-2023-5413

6.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Image horizontal reel scroll slideshow
Vendor: CVE Published:; 19 December 2023

Summary

The Image Horizontal Reel Scroll Slideshow plugin for WordPress is susceptible to Stored Cross-Site Scripting through its 'ihrss-gallery' shortcode. This vulnerability arises from inadequate input sanitization and output escaping of user-provided attributes. Consequently, authenticated users with contributor-level permissions or higher can exploit this flaw to inject malicious web scripts. These scripts will execute whenever an affected page is accessed, posing significant risks to users and website integrity.

Affected Version(s)

Image horizontal reel scroll slideshow * <= 13.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/image-horizont...

https://plugins.trac.wordpress.org/changeset/3010834/imag...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 19, 2023
Vulnerability Reserved
Oct 4, 2023

Credit

István Márton