# Exploit Title: WordPress Plugin Smart Slider-3 3.5.0.8 - 'name' Stored Cross-Site Scripting (XSS)# Exploit Author: Hardik Solanki# Date: 05/06/2021# Software Link: https://wordpress.org/plugins/smart-slider-3/# Version: 3.5.0.8# Tested on Windows*How to reproduce vulnerability:*1. Install WordPress 5.7.22. Install and activate the "*Smart Slider 3" Version 3.5.0.8* plugin
3. Navigate to "*Dashboard* and create a "*New Project*".4. Enter the JavaScript payload "*<script>alert(document.cookie)</script>*" into the "*Name*" field.5. You will observe that the Project has been created with malicious
JavaScript payload "<script>alert(document.cookie)</script>"and hence
project has been* created/stored*and thus JavaScript payload is executing
successfully.*XSS IMPACT:*1: Steal the cookie
2: User redirection to a malicious website
