Zero-Day Advisory
Fortinet Discovers WordPress Metaslider Plugin Cross-Site Scripting Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a cross-site scripting (XSS) vulnerability in the WordPress Metaslider plugin.
Metaslider is one of the most popular WordPress slider plugins, with over 800,000 active installations. It lets site authors build SEO-optimized slideshows in minutes.
A stored cross-site scripting vulnerability has been discovered in the Metaslider plugin (version 3.17.1). The vulnerability exists in the image caption and description parameters of the slide creation module: content saved in these fields is persisted with the slide and later rendered to every visitor who views the slideshow, so markup or script injected there runs in those visitors' browsers.
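The following is an added illustration of the vulnerability class described above, not code from the Metaslider plugin or from Fortinet; the advisory does not say how version 3.17.2 fixed the issue, so the field name, the rendering functions and the sample slide records here are assumptions chosen for the example. It places a raw interpolation of a stored caption (the stored-XSS pattern) next to two defensive renderings: strict HTML encoding, which turns the caption into plain text, and an allowlist sanitizer that keeps a few formatting tags while dropping unknown tags, event-handler attributes and javascript: links.

```python
import html
from html.parser import HTMLParser

# Constructed sample slides (hypothetical, not real Metaslider data): one benign
# caption with light formatting, and two captions of the kind an author could
# persist through a caption/description field affected by a stored-XSS bug.
SAMPLE_SLIDES = [
    {"id": 1, "caption": "Summer sale <b>50% off</b>"},
    {"id": 2, "caption": '<img src=x onerror="alert(document.cookie)">'},
    {"id": 3, "caption": '<a href="javascript:alert(1)">details</a>'},
]


def render_caption_vulnerable(caption: str) -> str:
    """Stored-XSS pattern: the saved caption is interpolated into markup
    unchanged, so any tag or script in it executes for every viewer."""
    return f'<p class="caption">{caption}</p>'


def render_caption_escaped(caption: str) -> str:
    """Strict fix: HTML-encode the caption so it can only ever render as text."""
    return f'<p class="caption">{html.escape(caption, quote=True)}</p>'


# Tags an author may use in a caption, and the attributes allowed on each.
ALLOWED_TAGS = {"b": set(), "i": set(), "strong": set(), "em": set(), "a": {"href"}}


def _safe_href(value: str) -> bool:
    """Accept only http(s) and site-relative links; reject javascript:, data:
    and protocol-relative (//host) URLs."""
    v = value.strip().lower()
    if v.startswith(("http://", "https://")):
        return True
    return v.startswith("/") and not v.startswith("//")


class _AllowlistSanitizer(HTMLParser):
    """Rebuilds a caption keeping only allowlisted tags and attributes.
    Text and attribute values are re-encoded, and tags left open by the
    author are closed so the output stays well-formed."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self.open: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # unknown tag (img, script, ...) is dropped entirely
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag] or value is None:
                continue  # drops onerror=, onclick=, style=, ...
            if name == "href" and not _safe_href(value):
                continue
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.open.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.open:
            return
        # Close anything opened after this tag as well, keeping nesting valid.
        while self.open:
            t = self.open.pop()
            self.out.append(f"</{t}>")
            if t == tag:
                break

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=True))

    def finish(self) -> str:
        self.close()
        while self.open:  # close tags the author never closed
            self.out.append(f"</{self.open.pop()}>")
        return "".join(self.out)


def sanitize_caption(caption: str) -> str:
    parser = _AllowlistSanitizer()
    parser.feed(caption)
    return parser.finish()


def render_caption_sanitized(caption: str) -> str:
    """Allowlist fix: formatting survives, script-bearing markup does not."""
    return f'<p class="caption">{sanitize_caption(caption)}</p>'


if __name__ == "__main__":
    for slide in SAMPLE_SLIDES:
        print("vulnerable:", render_caption_vulnerable(slide["caption"]))
        print("escaped:   ", render_caption_escaped(slide["caption"]))
        print("sanitized: ", render_caption_sanitized(slide["caption"]))
```

The escaped rendering is the safest default; the allowlist variant is what a plugin that wants authors to keep bold text or links in captions would use, and it is the one that needs the most care (the href check and the attribute allowlist are where real-world sanitizers usually go wrong).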
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability: WordPress.Metaslider.Plugin.XSS
Released Sep 03, 2020
Update to version 3.17.2 or later. The IPS signature only blocks attack traffic at the network edge; the plugin update is the actual fix and should be applied regardless.
Timeline
Fortinet reported the vulnerability to Metaslider Team on August 24, 2020
Metaslider Team confirmed the vulnerability on August 25, 2020
Metaslider Team fixed the vulnerability on August 28, 2020
Acknowledgement
This vulnerability was discovered by Vishnupriya Ilango of Fortinet's FortiGuard Labs.