Medium severity5.4NVD Advisory· Published Mar 26, 2024· Updated Jun 17, 2026
CVE-2024-29833
CVE-2024-29833
Description
The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 1.0.1
Patches
Vulnerability mechanics
References
2- appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/nvdExploitThird Party Advisory
- wordpress.org/plugins/photo-gallery/nvdProduct
News mentions
0No linked articles in our index yet.