Slider, Gallery, and Carousel by MetaSlider <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter
Description
Stored XSS in MetaSlider WordPress plugin via 'aria-label' parameter allows authenticated attackers with Contributor+ access to inject arbitrary scripts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the aria-label parameter in all versions up to and including 3.98.0. The vulnerability stems from insufficient input sanitization and output escaping, allowing malicious input to be stored and later rendered unsafely in the browser [1].
Exploitation
An authenticated attacker with at least Contributor-level access can inject arbitrary web scripts by supplying a crafted aria-label value when creating or editing a slide. The injected script is stored in the database and executed whenever a user accesses a page containing the affected slider [1].
Impact
Successful exploitation enables the attacker to execute arbitrary JavaScript in the context of the victim's browser. This can lead to session hijacking, defacement, redirection to malicious sites, or theft of sensitive information such as cookies and authentication tokens [1].
Mitigation
The vulnerability is fixed in version 3.109.0 of the plugin, as indicated by the plugin's update history [1]. Users should update to this version or later immediately. No workaround is available; updating is the only reliable mitigation.
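As an added illustration (not MetaSlider's own code), the two render functions below show how an unescaped aria-label value breaks out of its attribute when markup is built by string concatenation, and how escaping attribute values prevents it; the slide object, the render functions and the attribute-name helper are assumptions for this example.

```javascript
// Added example, not code from the MetaSlider plugin. The slide record
// shape and the rendering functions are assumptions for illustration.

// Escape the characters that can end or alter an HTML attribute value.
// '&' goes first so the entities added afterwards are not re-escaped.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Unsafe pattern: stored fields concatenated straight into markup that is
// later assigned to innerHTML. A double quote in the value closes the
// attribute and whatever follows becomes new attributes on the element.
function renderSlideUnsafe(slide) {
  return '<a href="' + slide.url + '" aria-label="' + slide.ariaLabel + '"></a>';
}

// Hardened pattern: every attribute value is escaped before concatenation,
// so the stored value can only ever be the text of the aria-label attribute.
function renderSlideSafe(slide) {
  return '<a href="' + escapeAttr(slide.url) +
         '" aria-label="' + escapeAttr(slide.ariaLabel) + '"></a>';
}

// Helper for checking the result: list the attribute names the browser
// would see on the rendered tag (simple name="value" matcher, enough here).
function attributeNames(markup) {
  const names = [];
  const re = /\s([a-zA-Z-]+)="[^"]*"/g;
  let m;
  while ((m = re.exec(markup)) !== null) names.push(m[1]);
  return names;
}

// Constructed sample: a label that tries to close the attribute and add a
// harmless marker attribute, standing in for any stored crafted value.
const craftedSlide = {
  url: 'https://example.invalid/',
  ariaLabel: 'x" data-injected="1',
};

console.log(attributeNames(renderSlideUnsafe(craftedSlide))); // href, aria-label, data-injected
console.log(attributeNames(renderSlideSafe(craftedSlide)));   // href, aria-label
```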
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=3.98.0
- Range: 0
Patches
- r3309932
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- plugins.trac.wordpress.org/browser/ml-slider/tags/3.98.0/assets/metaslider/script.js (mitre)
- plugins.trac.wordpress.org/changeset/3309932/ml-slider/tags/3.99.0/assets/metaslider/script.js (mitre)
- wordpress.org/plugins/ml-slider/ (mitre)
- www.wordfence.com/threat-intel/vulnerabilities/id/0e6492e5-a506-4d77-96d2-08f700b6ee76 (mitre)
News mentions
No linked articles in our index yet.