Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.22 – Contributor+ Stored XSS | CVE 2024-10144 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

1) Create a new Robo Gallery
2) Add a new image using the media browser
3) For the image title, add the payload: `&lt;img src=x onerror=alert(1)&gt;`
4) Save and preview
5) Click on the image and when it pops up, see the XSS

Affects Plugins

Fixed in 3.2.22

References

CVE

URL

https://research.cleantalk.org/cve-2024-10144/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/

Verified

Yes

WPVDB ID

a83521d3-0aba-493d-8dec-e764277e69b8

Timeline

Publicly Published

2024-09-25 (about 1 year ago)

Added

2025-03-03 (about 9 months ago)

Last Updated

2025-04-09 (about 8 months ago)

Other

Published

Title

Published

2024-11-05

Title

Pricing Tables WordPress Plugin – Easy Pricing Tables < 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via fontFamily Attribute

Published

2025-09-26

Title

HT Feed < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-01-06

Title

SpeakOut! Email Petitions < 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-11-24

Title

ZWeb - Social Mobile <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Published

2024-10-10

Title

Embed videos and respect privacy < 1.3 - Reflected Cross-Site Scripting