How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Gmedia Photo Gallery < 1.20.0 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed

Proof of Concept

https://youtu.be/kTMg65teTvU

Create an Album with the following payload as Name: test"><img src onerror=alert(/XSS/)>
Add a media via the "Add/Import files" menu and select the album created above

The XSS will be triggered when viewing the media post

Affects Plugins

Fixed in version 1.20.0 - plugin closed

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Kaushalendra Dubey

Submitter

Kaushalendra Dubey

Submitter twitter

Verified

Yes

WPVDB ID

d5ce4b8a-9aa5-4df8-b521-c2105990a87e

Timeline

Publicly Published

2022-04-25 (about 2 months ago)

Added

2022-04-25 (about 2 months ago)

Last Updated

2022-04-25 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin