Gallery by BestWebSoft < 4.7.0 – Author+ Stored Cross-Site Scripting | CVE 2023-0764 | Plugin Vulnerabilities

Description

The plugin does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role.

Proof of Concept

1. Go to Galleries > Add New.
2. Click "Add Media" and choose or upload an image.
3. When publishing (or updating) the Gallery, intercept the request and change the POST parameter with name `gllr_image_text%5B13%5D` (note the `13` is an ID and will be different in each case). Set the value to `" onload="alert(/XSS/)" e="`.
4. Load the Gallery on the frontend and see the alert.

The XSS can also be attained with the same payload in the `gllr_image_alt_tag%5B13%5D` parameter.

Affects Plugins

Fixed in 4.7.0

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

dc11

Submitter

dc11

Verified

Yes

WPVDB ID

d48c6c50-3734-4191-9833-0d9b09b1bd8a

Timeline

Publicly Published

2023-03-27 (about 2 years ago)

Added

2023-03-27 (about 2 years ago)

Last Updated

2023-03-27 (about 2 years ago)

Other

Published

Title

Published

2021-03-24

Title

Elementor < 3.4.8 - DOM Cross-Site-Scripting

Published

2024-10-17

Title

Suki Sites Import <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Published

2025-10-08

Title

Betheme < 28.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title'

Published

2024-12-02

Title

AWeber Forms by Optin Cat < 2.5.8 - Reflected Cross-Site Scripting

Published

2023-11-14

Title

Post Status Notifier Lite < 1.11.1 - Reflected Cross-Site Scripting