Unrated severityNVD Advisory· Published Mar 26, 2024· Updated Aug 2, 2024

WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg thumb_url

CVE-2024-29810

Description

The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.

Affected products

10web/Photogalleryv5
Range: 1.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/mitre
wordpress.org/plugins/photo-gallery/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000