Photos and Files Contest Gallery < 21.3.1 – Author+ Stored Cross Site Scripting | CVE 2024-1487 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.

Proof of Concept

1. Add a New gallery, and click on the "Add files" button to add content.
2. Now add a description for this content with the XSS payload and save the changes: <script>alert('XSS');</script>
3. Click on the "cg_gallery_no_voting" that redirects to the page to display the content. It will appear in the pop-up alert.

Affects Plugins

contest-gallery

Fixed in 21.3.1

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Giulio

Submitter

Mistborn

Submitter twitter

Verified

Yes

WPVDB ID

c028cd73-f30a-4c8b-870f-3071055f0496

Timeline

Publicly Published

2024-02-14 (about 2 months ago)

Added

2024-02-14 (about 2 months ago)

Last Updated

2024-02-14 (about 2 months ago)

Other

Published

Title

Published

2022-04-26

Title

Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting

Published

2022-01-12

Title

Mitsol Social Post Feed < 1.11 - Admin+ Stored Cross-Site Scripting

Published

2024-01-15

Title

Orbit Fox by ThemeIsle < 2.10.28 - Contributor+ Stored XSS

Published

2023-02-20

Title

Shipyaari Shipping Management <= 1.0 - Admin+ Stored XSS

Published

2024-03-01

Title

Nextend Social Login and Register < 3.1.13 - Reflected Self-Based Cross-Site Scripting via error_description