How the CVE Works:
The MetaSlider WordPress plugin (versions before 3.95.0) fails to sanitize and escape certain settings, enabling attackers with editor-level privileges to inject malicious scripts. These scripts execute when other users access compromised pages, even in multisite environments where `unfiltered_html` is restricted. The stored XSS vulnerability arises due to improper input validation in slider/gallery configurations, allowing persistent payload delivery via the admin panel.
DailyCVE Form:
Platform: WordPress
Version: <3.95.0
Vulnerability: Stored XSS
Severity: High
Date: 04/08/2025
What Undercode Say:
Exploitation:
1. Payload Injection:
<script>alert(document.cookie)</script>
Inserted via MetaSlider settings (e.g., slide captions).
2. Privilege Escalation:
curl -X POST --cookie "admin_session=123" -d "slider_settings=<malicious_script>" http://victim-site/wp-admin/admin-ajax.php
Protection:
1. Patch Update:
wp plugin update metaslider --version=3.95.0
2. Input Sanitization:
add_filter('metaslider_slide_data', 'sanitize_meta_slider'); function sanitize_meta_slider($data) { return wp_kses_post($data); }
3. WAF Rules:
location ~ /wp-content/plugins/metaslider/ { deny all; }
4. Log Analysis:
grep -i "metaslider.*script" /var/log/nginx/access.log
5. Disable Plugin (Temporary):
wp plugin deactivate metaslider
Detection:
- SQL Query for Compromised Sliders:
SELECT * FROM wp_postmeta WHERE meta_key LIKE '%metaslider%' AND meta_value LIKE '%<script%';
- CSRF Protection:
if (!wp_verify_nonce($_POST['nonce'], 'metaslider_update')) { wp_die('Invalid request'); }
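The SQL query above matches only a literal `<script` in the stored value. The following Python audit is an added example, not code from the original post or from the plugin: it checks exported wp_postmeta rows for entity-encoded script tags, inline event handlers and script URIs as well. The meta key names and sample rows are constructed for illustration.

```python
import html
import re

# Markup that can run script when a stored setting is echoed unescaped.
# The page's SQL query covers only the first pattern.
PATTERNS = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "event-handler": re.compile(r"<[^>]*\son\w+\s*=", re.I),
    "script-uri": re.compile(r"(?:href|src|action)\s*=\s*[\"']?\s*javascript:", re.I),
}

def findings(meta_value):
    """Return the sorted names of the patterns found in one meta_value."""
    # Decode HTML entities (up to two layers) so a value stored as
    # &lt;script&gt; and decoded later by a template is still reported.
    text = meta_value
    for _ in range(2):
        text = html.unescape(text)
    return sorted(name for name, rx in PATTERNS.items() if rx.search(text))

def audit(rows):
    """rows: iterable of (post_id, meta_key, meta_value) from wp_postmeta.
    Returns [(post_id, meta_key, [pattern names])] for slider-related keys."""
    report = []
    for post_id, meta_key, meta_value in rows:
        # Same key filter as the page's query: meta_key LIKE '%metaslider%'
        if "metaslider" not in meta_key.lower():
            continue
        hits = findings(meta_value or "")
        if hits:
            report.append((post_id, meta_key, hits))
    return report

# Constructed sample rows (not from a real site); key names are assumptions.
SAMPLE_ROWS = [
    (101, "metaslider_settings", 'a:1:{s:5:"title";s:11:"Home slider";}'),
    (102, "metaslider_caption", "<script>alert(document.cookie)</script>"),
    (103, "metaslider_caption", "&lt;script&gt;alert(1)&lt;/script&gt;"),
    (104, "metaslider_caption", '<img src="x.png" onerror="alert(1)">'),
    (105, "metaslider_caption", "<b>Spring sale</b> now on"),
    (106, "_edit_lock", "<script>not a slider key, skipped</script>"),
]

if __name__ == "__main__":
    for post_id, key, hits in audit(SAMPLE_ROWS):
        print(post_id, key, ",".join(hits))
```

Rows 103 and 104 are the ones the `LIKE '%<script%'` query would not return; anything reported still needs manual review before the value is cleaned or deleted.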
Mitigation Priority:
1. Update plugin immediately.
2. Audit user roles (limit editor privileges).
3. Implement CSP headers:
Header set Content-Security-Policy "script-src 'self'"
References:
Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-1203