CVE-2023-6382
📋 TL;DR
This vulnerability allows authenticated WordPress users with contributor-level permissions or higher to inject malicious JavaScript via the 'css_class' attribute of the 'ms_slide' shortcode. The injected script executes whenever a visitor views a page containing the compromised shortcode, affecting all WordPress sites running the Master Slider plugin at version 3.9.9 or lower.
💻 Affected Systems
- Master Slider – Responsive Touch Slider WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, redirect users to malicious sites, deface websites, or perform actions on behalf of authenticated users, potentially leading to complete site compromise.
Likely Case
Malicious contributors or compromised accounts inject tracking scripts, adware, or defacement content that affects all visitors to pages containing the vulnerable shortcode.
If Mitigated
With proper user access controls and input validation, impact is limited to authorized users who might still inject non-malicious but unwanted content.
🎯 Exploit Status
Exploitation requires contributor-level WordPress access. The vulnerability is well-documented with public proof-of-concept available in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 3.9.9
Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3084860%40master-slider&new=3084860%40master-slider
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Master Slider plugin.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Remove Contributor Shortcode Permissions
Modify user roles to prevent contributors from using shortcodes
Use WordPress role editor plugin or custom code to remove 'unfiltered_html' capability from contributor role
Disable Master Slider Plugin
Temporarily disable the vulnerable plugin until patched
wp plugin deactivate master-slider
🧯 If You Can't Patch
- Implement strict user access controls and monitor contributor activities
- Use web application firewall (WAF) rules to block suspicious shortcode usage
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Master Slider version. If version is 3.9.9 or lower, you are vulnerable.
Check Version:
wp plugin get master-slider --field=version
Verify Fix Applied:
Verify Master Slider plugin version is higher than 3.9.9 in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual shortcode modifications in post/page edits
- Multiple 'ms_slide' shortcode updates from contributor accounts
Network Indicators:
- Unexpected JavaScript loading from WordPress pages containing slider content
SIEM Query:
source="wordpress" AND (event="post_updated" OR event="page_updated") AND user_role="contributor" AND content CONTAINS "ms_slide"
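As an added example (not the plugin's or this advisory's own code), a Python scanner that applies the indicators above to exported post content and flags every 'ms_slide' shortcode whose 'css_class' value cannot be a plain CSS class list. The safe-character pattern and the {post_id: content} export format are assumptions; the sample posts are constructed.

```python
import re

# Shortcode tag with its raw attribute text: [ms_slide ...]
SHORTCODE_RE = re.compile(r"\[ms_slide\b([^\]]*)\]", re.IGNORECASE)
# key="value", key='value' or key=value pairs inside the attribute text
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")
# Assumed shape of a legitimate class list: letters, digits, hyphen,
# underscore, spaces. Quotes, angle brackets, etc. cannot be class names.
SAFE_CLASS_RE = re.compile(r"^[A-Za-z0-9_\- ]*$")


def parse_shortcode_attrs(attr_text: str) -> dict:
    """Parse the attribute pairs of one shortcode into a dict (keys lowercased)."""
    attrs = {}
    for m in ATTR_RE.finditer(attr_text):
        key, dq, sq, bare = m.groups()
        attrs[key.lower()] = dq if dq is not None else (sq if sq is not None else bare)
    return attrs


def find_suspicious_css_class(post_id, content: str) -> list:
    """Return (post_id, css_class value) for each ms_slide shortcode whose
    css_class contains characters that do not belong in a class list."""
    findings = []
    for m in SHORTCODE_RE.finditer(content):
        value = parse_shortcode_attrs(m.group(1)).get("css_class")
        if value is not None and not SAFE_CLASS_RE.match(value):
            findings.append((post_id, value))
    return findings


def scan_posts(posts: dict) -> list:
    """Scan a {post_id: post_content} mapping (e.g. exported from wp_posts
    with WP-CLI) and return all findings, for review or SIEM ingestion."""
    results = []
    for post_id, content in posts.items():
        results.extend(find_suspicious_css_class(post_id, content))
    return results


# Constructed sample posts, not data from any real site.
SAMPLE_POSTS = {
    101: 'Intro text [ms_slide id="1" css_class="hero-slide wide"] more text',
    102: "[ms_slide id='2' css_class='hero\" title=\"injected'] text",
    103: 'No slider here, just [gallery ids="4,5"]',
}

if __name__ == "__main__":
    for post_id, value in scan_posts(SAMPLE_POSTS):
        print(f"post {post_id}: suspicious css_class {value!r}")
```

Run it against a content export taken before and after a suspicious edit window; any hit from a contributor-authored post is worth correlating with the log indicators listed above.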
🔗 References
- https://plugins.trac.wordpress.org/browser/master-slider/trunk/includes/msp-shortcodes.php#L55
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3065917%40master-slider&new=3065917%40master-slider&sfp_email=&sfph_mail=
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3084860%40master-slider&new=3084860%40master-slider&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2d2fc926-6f9f-4ed9-9598-e39b5e6c6544?source=cve