VYPR
Medium severity 6.4 · NVD Advisory · Published May 10, 2026 · Updated May 13, 2026

CVE-2021-47929

Description

Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attackers can store JavaScript code like image tags with onerror handlers that execute when the gallery is previewed, affecting all users viewing the page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated stored XSS in Filterable Portfolio Gallery 1.0 allows attackers to inject JavaScript via the title field, executing when the gallery is previewed.

Vulnerability Overview

CVE-2021-47929 is a stored cross-site scripting (XSS) vulnerability in the WordPress plugin Filterable Portfolio Gallery version 1. The flaw exists in the title field, where the plugin fails to properly sanitize user input before storing it. An authenticated attacker can inject arbitrary JavaScript payloads, such as <img src=x onerror=alert(1)>, which are then stored in the database and executed when the gallery is previewed or viewed by other users [1][2].

Exploitation

The attack requires authentication, meaning an attacker must first have a user account on the target WordPress site. No special privileges beyond that are required, as the title field is accessible to any authenticated user who can create or edit gallery items. The stored payload triggers in the browser of any user (including administrators and other visitors) who views the affected gallery page, due to the lack of output encoding [1][2].

Impact

A successful attack can lead to session hijacking, defacement, or theft of sensitive data such as cookies or authentication tokens. Because the XSS is stored, every page view by any user is potentially compromised, amplifying the attack's reach. The CVSS v3 score of 6.4 (Medium) reflects the need for authentication but also the ability to affect other users [1].

Mitigation Status

At the time of disclosure, version 1.0 of Filterable Portfolio Gallery was confirmed vulnerable. No patch has been identified; should the plugin no longer be supported, administrators may need to remove or replace it to eliminate the risk. The vulnerability is documented in public exploit databases, increasing the urgency for remediation [2].
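With no patch available, one defensive check is to audit titles already stored by the plugin for HTML markup and to confirm what an escaped rendering would look like. The Python sketch below is an added example, not code from the plugin or from the advisory; the (id, title) row layout and the sample titles are constructed, and where the plugin stores titles is not stated on this page.

```python
import html
from html.parser import HTMLParser


class MarkupFinder(HTMLParser):
    """Collects every tag in a title and any on* event-handler attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def audit_title(title):
    """Return a finding for one stored title; a plain-text title has no tags."""
    finder = MarkupFinder()
    finder.feed(title)
    finder.close()
    return {
        "tags": finder.tags,
        "event_handlers": finder.handlers,
        "suspicious": bool(finder.tags),
        # Output-encoded form: the markup is displayed as text, not parsed.
        "escaped": html.escape(title, quote=True),
    }


def audit(rows):
    """Return (row_id, finding) for every row whose title contains markup."""
    findings = []
    for row_id, title in rows:
        finding = audit_title(title)
        if finding["suspicious"]:
            findings.append((row_id, finding))
    return findings


# Constructed sample rows; real rows would come from an export of the site's data.
SAMPLE_TITLES = [
    (1, "Summer portfolio 2021"),
    (2, "<img src=x onerror=alert(1)>"),  # payload form quoted in the text above
    (3, "Tom & Jerry <3 design"),         # harmless text that merely contains '<'
]

if __name__ == "__main__":
    for row_id, f in audit(SAMPLE_TITLES):
        print(row_id, f["tags"], f["event_handlers"], f["escaped"])
```

Any flagged row should be reviewed and cleaned before the gallery is previewed again, since the stored value executes on view.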

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

4
