WordPress Plugin Vulnerabilities

Image Photo Gallery Final Tiles Grid < 3.5.3 - Contributor+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard

Proof of Concept

As a contributor, create/edit a gallery and add the following payload in the Description field: "><img src onerror=alert(/XSS/)>

The XSS will be triggered when the gallery is edited (for example, by an admin checking it)

Affects Plugins

Plugin icon
final-tiles-grid-gallery-lite
Fixed in 3.5.3

References

CVE
CVE-2022-0186

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Harshit (aka fumenoid), Siddhant Chouhan (aka sidchn)
Submitter
Harshit
Submitter twitter
fumenoid
Verified
Yes
WPVDB ID
3a9c44c0-866e-4fdf-b53d-666db2e11720

Timeline

Publicly Published
2022-01-18 (about 2 years ago)
Added
2022-01-18 (about 2 years ago)
Last Updated
2022-04-12 (about 2 years ago)

Other

Published
Title
Published
2024-03-29
Title
PowerPack Addons for Elementor < 2.7.18 - Contributor+ Stored XSS
Published
2019-05-15
Title
WP Live Chat Support < 8.0.27 - Unauthenticated Stored XSS
Published
2023-01-13
Title
Happyforms < 1.22.0 - Contributor+ Stored XSS
Published
2022-07-04
Title
Unyson < 2.7.27 - Reflected Cross-Site Scripting
Published
2022-09-14
Title
Awesome Support < 6.0.8 - Authenticated Stored XSS