11 matches found
CVE-2021-24293
In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax, after that the settings[shipping_address][name] is able to inject malicious JavaScript...
CVE-2021-24293
In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax, after that the settings[shipping_address][name] is able to inject malicious JavaScript...
CVE-2021-24293
In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax, after that the settings[shipping_address][name] is able to inject malicious JavaScript...
Code injection
In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax, after that the settings[shipping_address][name] is able to inject malicious JavaScript...
CVE-2021-24293
The CVE-2021-24293 entry concerns the NextGEN Gallery Pro WordPress plugin (before 3.1.11). The vulnerability occurs in the eCommerce module: an action invokes photocrati_ajax to call get_cart_items, after which settings[shipping_address][name] can be manipulated to inject malicious JavaScript. D...
CVE-2021-24293 NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)
In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax, after that the settings[shipping_address][name] is able to inject malicious JavaScript...
WordPress NextGEN Gallery Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. NextGEN Gallery is an image gallery plugin used in it. WordPress plugin NextGEN Gallery Pro before version 3.1.11 has a...
WordPress NextGEN Gallery Pro premium plugin <= 3.1.9 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Mg Thura Moe Myint in WordPress NextGEN Gallery Pro premium plugin versions <= 3.1.9. Solution: Update the WordPress NextGEN Gallery Pro premium plugin to the latest available version (at least 3.1.11)...
WordPress NextGEN Gallery Pro premium plugin <= 3.1.9 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability found by Thura Moe Myint in WordPress NextGEN Gallery Pro premium plugin versions <= 3.1.9. Solution: Update the WordPress NextGEN Gallery Pro premium plugin to the latest available version (at least 3.1.11)...
NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)
In the eCommerce module of NextGEN Gallery Pro, there is an action to call get_cart_items via photocrati_ajax, after that the settings[shipping_address][name] is able to inject malicious JavaScript. PoC: On a page where a NextGEN Pro gallery is embedded:...
NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)
In the eCommerce module of NextGEN Gallery Pro, there is an action to call get_cart_items via photocrati_ajax, after that the settings[shipping_address][name] is able to inject malicious JavaScript. On a page where a NextGEN Pro gallery is embedded:...