CVE-2024-10565
📋 TL;DR
The Slider by 10Web WordPress plugin before version 1.2.62 contains a stored cross-site scripting (XSS) vulnerability: some of its settings are neither sanitized nor escaped. An authenticated administrator can store a script in those settings that executes when other users view the affected pages, even in WordPress multisite installations where the unfiltered_html capability is restricted. Any WordPress site running an unpatched version of the plugin is affected.
💻 Affected Systems
- Slider by 10Web WordPress plugin
📦 What is this software?
Slider by 10Web is a WordPress slider plugin.
⚠️ Risk & Real-World Impact
Worst Case
An attacker with admin privileges could inject malicious JavaScript that steals session cookies, redirects users to phishing sites, or performs actions on behalf of authenticated users, potentially leading to complete site compromise.
Likely Case
A malicious administrator, or an attacker using a compromised admin account, injects tracking scripts, defaces content, or steals session data from visitors viewing the affected slider pages.
If Mitigated
With proper access controls and admin account security, impact is limited to authorized administrators intentionally misusing their privileges.
🎯 Exploit Status
Exploitation requires admin-level access. The vulnerability is in plugin settings that should be sanitized but aren't, making exploitation straightforward for authenticated attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.62
Vendor Advisory: https://wpscan.com/vulnerability/4ef05302-a6ca-4816-ab0d-a4e3bf7a5e22/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Slider by 10Web' and check whether the version is below 1.2.62.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.2.62 or later from WordPress.org and update manually.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Slider by 10Web plugin until it is patched:
wp plugin deactivate slider-by-10web
Restrict admin access
Implement strict access controls and monitoring for WordPress administrator accounts.
🧯 If You Can't Patch
- Remove admin privileges from untrusted users and implement strict access controls
- Install a web application firewall (WAF) with XSS protection rules
🔍 How to Verify
Check if Vulnerable:
Check the WordPress admin panel → Plugins → Slider by 10Web → Version. If the version is below 1.2.62, you are vulnerable.
Check Version:
wp plugin get slider-by-10web --field=version
Verify Fix Applied:
After updating, verify that the plugin version shown on the WordPress admin Plugins page is 1.2.62 or higher.
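As an added example (not part of this advisory or of the vendor's tooling), the following Python script wraps the wp-cli version check above and compares the result against 1.2.62 numerically, so that a version such as 1.2.9 is correctly reported as older than 1.2.62 rather than newer, which is what a plain string comparison would say. The plugin slug `slider-by-10web` is taken from the advisory's own command and is an assumption to confirm against `wp plugin list` on the site being checked.

```python
"""Added example: decide whether an installed Slider by 10Web version is below
the fixed release 1.2.62. Not part of the advisory; the wp-cli invocation and
plugin slug are taken from the advisory text and should be confirmed locally."""
import shutil
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "1.2.62"  # first patched release, per the advisory
# Slug as given in the advisory's wp-cli command (assumption: confirm with `wp plugin list`).
PLUGIN_SLUG = "slider-by-10web"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.2.62' into (1, 2, 62).

    Components are compared numerically, not as strings: a plain string
    comparison would wrongly treat '1.2.9' as newer than '1.2.62'.
    Pre-release/build suffixes such as '-beta' or '+build' are dropped;
    a component with no digits counts as 0.
    """
    core = version.strip().split("-")[0].split("+")[0]
    parts = []
    for piece in core.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly older than the fixed one."""
    a, b = parse_version(installed), parse_version(fixed)
    # Pad to equal length so that (1, 2) compares like (1, 2, 0).
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def installed_version(slug: str = PLUGIN_SLUG) -> Optional[str]:
    """Ask wp-cli for the installed version; None if wp-cli or the plugin is absent."""
    if shutil.which("wp") is None:
        return None
    result = subprocess.run(
        ["wp", "plugin", "get", slug, "--field=version"],
        capture_output=True, text=True, check=False,
    )
    if result.returncode != 0:
        return None
    return result.stdout.strip() or None


if __name__ == "__main__":
    current = installed_version()
    if current is None:
        print(f"could not determine version of {PLUGIN_SLUG} (wp-cli missing or plugin not installed)")
    elif is_vulnerable(current):
        print(f"{PLUGIN_SLUG} {current} is below {FIXED_VERSION}: update required")
    else:
        print(f"{PLUGIN_SLUG} {current} is at or above {FIXED_VERSION}")
```

Run it from the WordPress root (or with wp-cli's `--path` configured) on each site; for a fleet, call `is_vulnerable()` on the version strings gathered from an inventory instead of invoking wp-cli per host.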
📡 Detection & Monitoring
Log Indicators:
- Unusual plugin setting modifications
- Admin users modifying slider settings with script-like content
Network Indicators:
- JavaScript payloads in HTTP POST requests to wp-admin/admin-ajax.php or plugin settings endpoints
SIEM Query:
source="wordpress" AND (event="plugin_settings_modified" OR event="admin_activity") AND plugin="slider-by-10web" AND (data CONTAINS "<script>" OR data CONTAINS "javascript:")
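As an added example that is not part of this advisory, the following Python scans audit-log lines for the pattern the SIEM query above describes and goes one step further: it URL- and entity-decodes the submitted value before matching, since a literal match on `<script>` misses `%3Cscript%3E` or `&lt;script&gt;`, and it also flags inline event handlers (`onerror=`, `onload=`) and the tags that commonly carry them. The log lines and their field names are constructed for this example and do not reflect any real WordPress or plugin log format; only the field names `event`, `plugin` and `data` follow the SIEM query.

```python
"""Added example: scan audit-log lines for script-like content written to
Slider by 10Web settings. The log format below is constructed for this example
and is not the plugin's or WordPress's own; the field names mirror the
advisory's SIEM query (event, plugin, data)."""
import html
import re
from typing import Dict, List
from urllib.parse import unquote

TARGET_PLUGIN = "slider-by-10web"  # slug as used in the advisory (assumption)
SETTINGS_EVENTS = {"plugin_settings_modified", "admin_activity"}

# Indicators beyond the advisory's literal "<script>" / "javascript:" matches:
# inline event handlers and a few tag names that typically carry them.
INDICATORS = re.compile(
    r"<\s*script\b|javascript\s*:|\bon[a-z]+\s*=|<\s*(?:svg|iframe|img|object|embed)\b",
    re.IGNORECASE,
)

# key=value or key="quoted value" pairs in one log line.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample log (not real data): one benign change, four script-like
# ones in different encodings, and one change to an unrelated plugin.
CONSTRUCTED_LOG = """\
2024-10-30T09:12:01Z user=admin plugin=slider-by-10web event=plugin_settings_modified option=slider_title data="Autumn Sale"
2024-10-30T09:14:33Z user=admin plugin=slider-by-10web event=plugin_settings_modified option=slider_title data="<script>alert(1)</script>"
2024-10-30T09:15:10Z user=admin2 plugin=slider-by-10web event=plugin_settings_modified option=button_url data="javascript:alert(1)"
2024-10-30T09:16:45Z user=admin plugin=slider-by-10web event=plugin_settings_modified option=slider_title data="%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"
2024-10-30T09:17:02Z user=admin plugin=slider-by-10web event=plugin_settings_modified option=slider_title data="&lt;svg onload=alert(1)&gt;"
2024-10-30T09:18:00Z user=admin plugin=other-plugin event=plugin_settings_modified option=title data="<script>x</script>"
"""


def normalise(value: str) -> str:
    """Undo URL- and HTML-entity encoding, repeating for double-encoded input,
    so that %3Cscript%3E and &lt;script&gt; are both seen as <script>."""
    for _ in range(3):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value


def parse_line(line: str) -> Dict[str, str]:
    """Split a line into its key=value fields; quoted values may contain spaces."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def find_suspicious(log_text: str) -> List[Dict[str, str]]:
    """Return one record per settings change to the target plugin whose data
    contains a script-like indicator after decoding."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("plugin") != TARGET_PLUGIN:
            continue
        if fields.get("event") not in SETTINGS_EVENTS:
            continue
        data = normalise(fields.get("data", ""))
        match = INDICATORS.search(data)
        if match:
            hits.append({
                "user": fields.get("user", "?"),
                "option": fields.get("option", "?"),
                "indicator": match.group(0),
                "decoded": data,
            })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(CONSTRUCTED_LOG):
        print(f"{hit['user']} wrote {hit['indicator']!r} to {hit['option']}: {hit['decoded']}")
```

Because the plugin's settings can legitimately hold HTML, treat a hit as a review prompt rather than a verdict: the useful follow-up is to compare the decoded value with what the administrator says they saved and to check that the account's recent logins are expected.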