Fortinet Discovers WordPress Metaslider Plugin Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a cross-site scripting (XSS) vulnerability in the WordPress Metaslider plugin.
WordPress Metaslider is a very popular slider plugin with over 800,000 active installations. This plugin offers powerful, SEO-optimized slideshows in minutes.
A stored cross-site scripting vulnerability has been discovered in the Metaslider plugin (version 3.17.1). The vulnerability exists in the image caption or description parameter of the slide creation module.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Sep 03, 2020
Update to version 3.17.2 or above.
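To act on the update advice above, this added example (not Fortinet's or the Metaslider project's code) reads the standard WordPress plugin header from a plugin's main file and reports whether its version is below 3.17.2. Treating every version below 3.17.2 as needing the update is an assumption, since the advisory names only 3.17.1; the function names and sample headers are constructed for illustration.

```python
import re

FIXED_VERSION = (3, 17, 2)  # from the advisory: update to 3.17.2 or above

# WordPress reads plugin metadata from "Field: value" lines in the main file's header comment.
HEADER_FIELD = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$", re.M | re.I)


def parse_plugin_header(source):
    """Return {'plugin name': ..., 'version': ...} from the first 8 KiB of a plugin file."""
    fields = {}
    for name, value in HEADER_FIELD.findall(source[:8192]):
        fields.setdefault(name.lower(), value.strip())
    return fields


def version_tuple(text):
    """Turn '3.17.1' or '3.18' into a 3-part integer tuple; None if not numeric."""
    m = re.match(r"^(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def audit(source):
    """Classify a plugin file: 'update-required', 'ok', or 'unknown'."""
    version = version_tuple(parse_plugin_header(source).get("version", ""))
    if version is None:
        return "unknown"  # no readable Version field: check manually
    return "update-required" if version < FIXED_VERSION else "ok"


# Constructed sample headers (not copied from the real plugin).
SAMPLE_OLD = "<?php\n/*\n * Plugin Name: MetaSlider\n * Version: 3.17.1\n */\n"
SAMPLE_NEW = "<?php\n/*\n * Plugin Name: MetaSlider\n * Version: 3.17.2\n */\n"

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # paths to plugin main files, supplied by the operator
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, audit(fh.read()))
    if len(sys.argv) == 1:
        print("3.17.1:", audit(SAMPLE_OLD), "| 3.17.2:", audit(SAMPLE_NEW))
```

Versions are compared as integer tuples, so a release such as 3.9.0 is correctly ordered before 3.17.2, which a plain string comparison would get wrong.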
Fortinet reported the vulnerability to Metaslider Team on August 24, 2020
Metaslider Team confirmed the vulnerability on August 25, 2020
Metaslider Team fixed the vulnerability on August 28, 2020