Picture Gallery < 1.4.4 – Authenticated Stored XSS | Plugin Vulnerabilities

Description

The plugin does not properly sanitize input on a field found in the plugin's settings page, leading to a stored cross site scripting risk where authenticated users can target other authenticated users.

Proof of Concept

Enter a XSS payload like "><script>alert(document.location)</script> in the "Content URL" field found on the plugin's Settings -> Options -> Access Control page.

Affects Plugins

picture-gallery

Fixed in 1.4.4

References

URL

https://packetstormsecurity.com/files/#163776/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Aryan Chehreghani

Verified

Yes

WPVDB ID

db6f054a-19ac-425b-8670-de94148f0523

Timeline

Publicly Published

2021-08-10 (about 4 years ago)

Added

2021-08-11 (about 4 years ago)

Last Updated

2022-04-02 (about 4 years ago)

Other

Published

Title

Published

2024-12-13

Title

WooCommerce Cart Count Shortcode <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2026-01-06

Title

Easy GitHub Gist Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

Published

2024-08-22

Title

Quick Code <= 1.0 - Stored XSS via CSRF

Published

2021-06-21

Title

Prismatic < 2.8 - Reflected Cross-Site Scripting (XSS)

Published

2024-03-21

Title

Page Builder: Pagelayer – Drag and Drop website builder < 1.8.5 - Contributor+ Stored XSS