Responsive Gallery Grid < 2.3.15 – Admin+ Stored XSS | CVE 2024-4091 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Proof of Concept

You need to go to the RGG panel and complete the following steps:

1. Go to the "RGG Gallery"
2. Save the settings and intercept the request
3. Change the value for `rgg_options[margin]` to`123"onmouseover='alert(1)'`
4. Send the request
5. On the settings, move your mouse over the margin value to see the XSS

Affects Plugins

responsive-gallery-grid

Fixed in 2.3.15

References

CVE

URL

https://research.cleantalk.org/CVE-2024-4091/

YouTube Video

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Krugov Artyom

Submitter

Krugov Aryom

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

e28e79fa-f461-41fe-ad1c-ca768ea5f982

Timeline

Publicly Published

2024-04-11 (about 1 year ago)

Added

2024-10-30 (about 1 year ago)

Last Updated

2024-10-30 (about 1 year ago)

Other

Published

Title

Published

2024-06-06

Title

One Page Express Companion < 1.6.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via one_page_express_contact_form Shortcode

Published

2024-12-19

Title

Gulri Slider < 3.5.9 - Reflected Cross-Site Scripting

Published

2025-01-23

Title

Simple Video Management System <= 1.0.4 - Admin+ Stored XSS

Published

2023-02-02

Title

List Pages Shortcode < 1.7.6 - Contributor+ Stored XSS via Shortcode

Published

2023-08-01

Title

Bus Ticket Booking with Seat Reservation < 5.2.4 - Reflected XSS