CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5481 – Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function
https://notcve.org/view.php?id=CVE-2024-5481
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors. El complemento Photo Gallery by 10Web – Mobile-Friendly Image Gallery para WordPress es vulnerable a Path Traversal en todas las versiones hasta la 1.8.23 incluida a través de la función esc_dir. • https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L178 https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L436 https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L512 https://plugins.trac.wordpress.org/changeset/3098798 https://wordpress.org/plugins/photo-gallery/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5426 – Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG
https://notcve.org/view.php?id=CVE-2024-5426
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure Photo Gallery can be extended to contributors on pro versions of the plugin. El complemento Photo Gallery by 10Web – Mobile-Friendly Image Gallery para WordPress es vulnerable a Cross-Site Scripting Almacenado a través del parámetro 'svg' en todas las versiones hasta la 1.8.23 incluida debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/UploadHandler.php#L521 https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/UploadHandler.php#L542 https://plugins.trac.wordpress.org/changeset/3098798 https://www.wordfence.com/threat-intel/vulnerabilities/id/13436238-f14a-445b-9a9b-fbcf23b7b498?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2258 – Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-2258
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder para WordPress es vulnerable a Cross-Site Scripting Almacenado a través del nombre para mostrar del usuario que se completa automáticamente en los formularios en todas las versiones hasta la 1.15.24 incluida debido a una entrada insuficiente sanitización y escape de producción. Esto hace posible que atacantes autenticados, con acceso a nivel de suscriptor y superior, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://plugins.trac.wordpress.org/changeset/3071515 https://www.wordfence.com/threat-intel/vulnerabilities/id/af1075a5-9efa-4b86-9798-6dbafcba4db5?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2296 – Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG
https://notcve.org/view.php?id=CVE-2024-2296
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. El complemento Photo Gallery by 10Web – Mobile-Friendly Image Gallery para WordPress es vulnerable a cross-site scripting almacenado a través de cargas de archivos SVG en todas las versiones hasta la 1.8.21 incluida debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso a nivel de administrador, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058445%40photo-gallery&new=3058445%40photo-gallery&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/994a044d-db69-4f2d-9027-cf3665446ed3?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29833 – WordPress Photo Gallery Plugin <= 1.8.21 Stored Cross Site Scripting in UploadHandler
https://notcve.org/view.php?id=CVE-2024-29833
The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users. El componente de carga de imágenes permite archivos SVG y la expresión regular utilizada para eliminar etiquetas de script se puede omitir mediante el uso de un payload de Cross Site Scripting que no coincide con la expresión regular; un ejemplo de esto es la inclusión de espacios en blanco dentro de la etiqueta del script. Un atacante debe apuntar a un usuario autenticado con permisos para acceder a esta función; sin embargo, una vez cargada, el payload también es accesible para usuarios no autenticados. • https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin https://wordpress.org/plugins/photo-gallery/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •