WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Proof of Concept

Create a gallery with the "Gallery Theme" set to "Gallery Image 2", add an image and put the following payload in the "Image Description" field: <svg/onload=alert(/XSS/)>
Save the image and gallery and view a post/page where the gallery is embed to trigger the XSS

The "Image Title" field is also vulnerable, with a payload such as "><img src onerror=alert(/XSS/)> (fixed in 1.1.5)

Affects Plugins

gallery-image-gallery-photo
Fixed in version 1.1.6

References

CVE
CVE-2022-1327

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Fayçal CHENA

Submitter

Fayçal CHENA

Submitter website
https://fafachena.com/
Submitter twitter
faycal_chena
Verified

Yes

WPVDB ID
6b71eb38-0a4a-49d1-96bc-84bbe675be1e

Timeline

Publicly Published

2022-06-03 (about 1 years ago)

Added

2022-06-03 (about 1 years ago)

Last Updated

2023-03-06 (about 6 months ago)

Our Other Services

WPScan WordPress Security Plugin