WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP Photo Album Plus < 8.0.10 - Stored Cross-Site Scripting (XSS)

Description

The plugin was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel.

Proof of Concept

http://127.0.0.1:8001/?search-submit={img%20src%20onerror=alert(1)} 

Then the admin neds to browse http://127.0.0.1:8001/wp-admin/admin.php?page=wppa_options&wppa-tab=miscadv and show the content of error log in the "logging" section.

Affects Plugins

wp-photo-album-plus
Fixed in version 8.0.10

References

CVE
CVE-2021-25115
URL
https://plugins.trac.wordpress.org/changeset/2655859/wp-photo-album-plus

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
dbc18c2c-7547-44fc-8a41-c819757e47a7

Timeline

Publicly Published

2022-01-02 (about 9 months ago)

Added

2022-01-14 (about 8 months ago)

Last Updated

2022-04-12 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin