Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitWpvulndbWPEX-ID:57823DCB-2149-47F7-AAE2-D9F04DCE851A
HistoryJul 18, 2021 - 12:00 a.m.

Photo Gallery < 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG

2021-07-1800:00:00
wpvulndb
121
JSON

The plugin did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly (ie in the /wp-content/uploads/photo-gallery/ folder), leading to a Cross-Site Scripting (XSS) issue

When editing or creating a gallery, Click 'Add Images' then 'Upload Files' and upload an SVG with JavaScript code, then access the uploaded image from the uploads folder directly, e.g https://example.com/wp-content/uploads/photo-gallery/xss.svg

Example of malicious SVG:
<?xml version="1.0" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
  <script type="text/javascript">alert(document.domain);</script>
</svg>

Related

cve 1
prion 1
wpvulndb 1
openvas 1
cve
cve
CVE-2021-24362
2021-08-16 11:15:00
prion
prion
Cross site scripting
2021-08-16 11:15:00
wpvulndb
wpvulndb
Photo Gallery < 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG
2021-07-18 00:00:00
openvas
openvas
WordPress Photo Gallery Plugin < 1.5.75 Multiple Vulnerabilities
2021-08-23 00:00:00
JSON
Related for WPEX-ID:57823DCB-2149-47F7-AAE2-D9F04DCE851A
cve1prion1wpvulndb1openvas1