WordPress Plugin Vulnerabilities
Gallery by BestWebSoft < 4.7.0 - Author+ Stored Cross-Site Scripting
Description
The plugin does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scripting vulnerability. The attacker must have at least the privileges of the Author role.
Proof of Concept
1. Go to Galleries > Add New.
2. Click "Add Media" and choose or upload an image.
3. When publishing (or updating) the Gallery, intercept the request and change the POST parameter with name `gllr_image_text%5B13%5D` (note the `13` is an ID and will be different in each case). Set the value to `" onload="alert(/XSS/)" e="`.
4. Load the Gallery on the frontend and see the alert.

The XSS can also be attained with the same payload in the `gllr_image_alt_tag%5B13%5D` parameter.
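The class of bug described above, as an added example that is not the plugin's own code: a stored value concatenated into a quoted HTML attribute next to the same output escaped for the attribute context. It assumes the stored text is rendered inside an `<img>` attribute (which the payload shape suggests); the function names are hypothetical, and `esc_attr()` is modelled with `htmlspecialchars()` so the script runs outside WordPress.

```php
<?php
// Added illustration; NOT the plugin's source. Function names are hypothetical.

// Stand-in for WordPress's esc_attr() so this runs outside WordPress (assumption:
// htmlspecialchars with ENT_QUOTES is a close enough model for this demo).
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Vulnerable pattern: the stored value is concatenated into a quoted attribute as-is.
function render_image_unsafe($src, $alt) {
    return '<img src="' . $src . '" alt="' . $alt . '">';
}

// Hardened pattern: every dynamic value is escaped for the attribute context on output.
function render_image_safe($src, $alt) {
    return '<img src="' . esc_attr($src) . '" alt="' . esc_attr($alt) . '">';
}

// Parse the markup and list the attribute names the <img> ends up with,
// which shows whether the stored value stayed inside alt="...".
function img_attribute_names($html) {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);
    $doc->loadHTML($html);
    $img = $doc->getElementsByTagName('img')->item(0);
    $names = [];
    foreach ($img->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

$src    = 'https://example.test/uploads/photo.jpg';  // constructed sample value
$stored = '" onload="alert(/XSS/)" e="';             // value from the proof of concept

foreach (['unsafe' => 'render_image_unsafe', 'safe' => 'render_image_safe'] as $label => $fn) {
    $html = $fn($src, $stored);
    echo $label, ': ', $html, PHP_EOL;
    echo '  attributes: ', implode(', ', img_attribute_names($html)), PHP_EOL;
}
```

In the unescaped render the quote characters close `alt` early and the parser sees additional attributes on the element; in the escaped render the whole stored value remains the content of `alt`.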
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
dc11
Submitter
dc11
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-03-27
Added
2023-03-27
Last Updated
2023-03-27