CVE-2023-6382
Master Slider - Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site ScriptingThe Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 68,318 live websites that are affected by CVE-2023-6382.
Affected Software
| Product |  Master Slider |
| Category | Wordpress Plugins |
| Vulnerable Domains | 68,318 live websites (97.05% of Master Slider install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 124 versions ( 99.20% of all versions) |
Details
- Published - Jun 1, 2024
- Updated - Aug 2, 2024
Credits
- Rafshanzani Suhada (finder)
CVE References
CVE-2023-6382 usage by Country
 United States | 22,414 websites |
 Germany | 8,875 websites |
 France | 4,663 websites |
 GB | 2,639 websites |
 Italy | 2,001 websites |
 Japan | 1,963 websites |
 Netherlands | 1,929 websites |
 Russia | 1,839 websites |
 Spain | 1,814 websites |
 Poland | 1,643 websites |
CVE-2023-6382 usage by TLD
| .com | 30,138 websites |
| .de | 4,385 websites |
| .org | 2,634 websites |
| .co.uk | 1,916 websites |
| .nl | 1,756 websites |
| .it | 1,646 websites |
| .fr | 1,525 websites |
| .com.br | 1,499 websites |
| .ru | 1,479 websites |
| .net | 1,364 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-6382
Top websites that are affected by CVE-2023-6382. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.org | United States | **,*** | |
| *********************.com | United States | **,*** | |
| *************.jp | Japan | **,*** | |
| ********.tv | United States | **,*** | |
| *******.org | United States | **,*** | |
| *****.com | United States | **,*** | |
| *************.com | United States | **,*** | |
| ***************.org | United States | **,*** | |
| ******.org | United States | **,*** | |
| ****.org | United States | **,*** |
FAQ
A total of 68,318 websites have been identified as vulnerable to CVE-2023-6382, discovered through global website indexing conducted by WebTechSurvey.
Master Slider is susceptible to CVE-2023-6382 vulnerability.
Master Slider versions before, and including, 3.9.9 are vulnerable to CVE-2023-6382.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2d2fc926-6f9f-4ed9-9598-e39b5e6c6544?source=cve
- https://plugins.trac.wordpress.org/browser/master-slider/trunk/includes/msp-shortcodes.php#L55
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3065917%40master-slider&new=3065917%40master-slider&sfp_email=&sfph_mail=
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3084860%40master-slider&new=3084860%40master-slider&sfp_email=&sfph_mail=