Photo Gallery by 10web < 1.5.69 – Reflected Cross-Site Scripting (XSS) | Plugin Vulnerabilities

Description

The plugin did not properly sanitise the bwg_search_X GET parameter, available in a frontend gallery when the Show Search Box setting is enabled (disabled by default), leading to a reflected Cross-Site Scripting issue

Proof of Concept

Append the below payload in a page with an embedded gallery and the Show Search Box setting enabled (in Global Settings > Gallery Views)

?bwg_search_0=" onfocus="alert(/XSS/)

Affects Plugins

Fixed in 1.5.69

References

URL

https://plugins.trac.wordpress.org/changeset/2476338

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Submitter

WPScanTeam

Verified

Yes

WPVDB ID

6e5f0e04-36c0-4fb6-8194-fe32c15cb3b5

Timeline

Publicly Published

2021-02-23 (about 5 years ago)

Added

2021-02-23 (about 5 years ago)

Last Updated

2021-02-23 (about 5 years ago)

Other

Published

Title

Published

2022-04-21

Title

VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ Stored Cross-Site Scripting

Published

2017-10-05

Title

Raygun4WP < 1.8.3 - XSS

Published

2024-07-19

Title

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor < 1.26.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via File Upload

Published

2023-12-28

Title

WP User Profile Avatar < 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-11-08

Title

Email Log < 2.4.8 - Reflected Cross-Site Scripting