Executive Summary

The Prime Slider – Addons for Elementor plugin for WordPress has a Stored Cross-Site Scripting (XSS) vulnerability in the 'follow_us_text' setting of the Mount widget. This occurs because the plugin does not properly sanitize or escape input before outputting it. Specifically, the function render_social_link() outputs the 'follow_us_text' setting directly using echo without escaping, allowing malicious scripts to be stored and executed when a user views the affected page.

An attacker with Author-level access or higher can inject arbitrary web scripts into pages via this vulnerability.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an authenticated attacker with Author-level access or above to inject malicious scripts into WordPress pages. These scripts will execute whenever any user accesses the infected page, potentially leading to unauthorized actions such as stealing user credentials, session hijacking, or defacing the website.

The CVSS score of 6.4 indicates a medium severity impact, with potential confidentiality and integrity loss but no impact on availability.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts via stored cross-site scripting (XSS). Such XSS vulnerabilities can lead to unauthorized access to user data, session hijacking, or manipulation of content, which may result in violations of data protection and privacy regulations like GDPR or HIPAA.

Specifically, the exploitation of this vulnerability could compromise the confidentiality and integrity of user data, potentially leading to non-compliance with standards that require protection against unauthorized data access and ensuring data integrity.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves Stored Cross-Site Scripting (XSS) via the 'follow_us_text' setting in the Prime Slider – Addons for Elementor plugin. Detection involves checking for malicious or unexpected script content in the 'follow_us_text' setting stored in the WordPress post meta data.

You can detect this by querying the WordPress database for the '_elementor_data' post meta and inspecting the 'follow_us_text' field for suspicious script tags or JavaScript code.

• Use a MySQL command to extract and search for script tags in the '_elementor_data' meta value, for example:
• SELECT post_id, meta_value FROM wp_postmeta WHERE meta_key = '_elementor_data' AND meta_value LIKE '%<script>%';

Additionally, you can use WordPress CLI commands or plugins to export and review Elementor widget settings for the Mount widget's 'follow_us_text' field.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, immediately update the Prime Slider – Addons for Elementor plugin to a version later than 4.1.10 where the issue is fixed.

If an update is not immediately possible, restrict Author-level and higher user access to trusted users only, as the vulnerability requires authenticated users with Author-level access or above to exploit.

Review and sanitize the 'follow_us_text' setting in the Mount widget to remove any injected scripts.

Consider implementing additional security measures such as a Web Application Firewall (WAF) to block malicious payloads and monitor for suspicious activity.

Useful 0 Not Useful 0