Medium severity5.4NVD Advisory· Published Mar 26, 2024· Updated Jun 17, 2026
CVE-2024-29808
CVE-2024-29808
Description
The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 1.0.1
Patches
Vulnerability mechanics
References
2- appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/nvdExploitThird Party Advisory
- wordpress.org/plugins/photo-gallery/nvdProduct
News mentions
0No linked articles in our index yet.