VYPR
Medium severity · 6.4 · NVD Advisory · Published May 10, 2026 · Updated May 12, 2026

CVE-2021-47951

Description

WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in the database and executed when the functionality is triggered, enabling session hijacking or credential theft.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WordPress Picture Gallery 1.4.2 allows authenticated stored XSS via the Edit Content URL field, enabling session hijacking or credential theft.

Vulnerability

Analysis

The WordPress Picture Gallery plugin version 1.4.2 contains a stored cross-site scripting (XSS) vulnerability in the Access Control settings. The Edit Content URL field does not properly neutralize user input, allowing attackers to inject arbitrary JavaScript code. This input is stored in the database and executed when the plugin triggers the affected functionality [1][2].

Exploitation

An authenticated attacker with administrative access to the plugin settings can exploit this vulnerability by navigating to Picture Gallery > Options > Access Control and entering a malicious payload into the Edit Content URL field. After saving, the payload is stored and executed without further validation, leading to script execution in the context of the plugin's interface [2].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the browser of any user who triggers the affected functionality. This can lead to session hijacking, credential theft, or other malicious actions performed on behalf of the victim user [1][2].

Mitigation

As of the advisory publication, version 1.4.2 is the latest affected version. Users should restrict administrative access to the plugin or apply any available updates from the plugin developer. No official patch has been confirmed [1].
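To make the Analysis and Mitigation above concrete, here is an added example in plain PHP (not code from the Picture Gallery plugin or from the advisory): a hypothetical option field, `edit_content_url`, rendered the unsafe way beside a save-time sanitizer and output escaping. The function names and the option name are assumptions; the comments name the WordPress helpers a plugin would normally use instead.

```php
<?php
// Added example, not the plugin's code. Plain PHP so it runs without WordPress.

/**
 * VULNERABLE pattern: the stored option value is echoed into markup untouched,
 * so a value containing quotes or a script-capable scheme ends up executing in
 * the browser of whoever renders the settings screen (stored XSS).
 */
function render_edit_link_unsafe(string $stored_url): string
{
    return '<a href="' . $stored_url . '">Edit content</a>';
}

/**
 * HARDENED, step 1: validate on save. Only absolute http(s) URLs with a host
 * are accepted; everything else is stored as an empty string. In a WordPress
 * plugin this belongs in the sanitize_callback given to register_setting(),
 * where esc_url_raw() performs the equivalent check.
 */
function sanitize_edit_content_url(string $input): string
{
    $input = trim($input);
    $parts = parse_url($input);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return '';
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return '';
    }
    return $input;
}

/**
 * HARDENED, step 2: escape on output too, so a value that somehow bypassed the
 * save-time check still cannot break out of the href attribute. In WordPress
 * use esc_url() for href values and esc_attr()/esc_html() for other contexts.
 */
function render_edit_link_safe(string $stored_url): string
{
    $clean = sanitize_edit_content_url($stored_url);
    $href  = htmlspecialchars($clean, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="' . $href . '">Edit content</a>';
}

// Constructed sample inputs: a legitimate URL, a disallowed scheme (rejected at
// save time), and a URL containing quotes (kept, but neutralized by escaping).
foreach (['https://example.com/edit', 'javascript:void(0)', 'https://example.com/?q="x"'] as $v) {
    echo var_export(sanitize_edit_content_url($v), true), ' | ', render_edit_link_safe($v), PHP_EOL;
}
```

Run it with `php example.php`; compare the escaped output of `render_edit_link_safe()` with what `render_edit_link_unsafe()` would emit for the same inputs.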

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)


References: 3
