CVE-2024-29833 – WordPress Photo Gallery Plugin <= 1.8.21 Stored Cross Site Scripting in UploadHandler
https://notcve.org/view.php?id=CVE-2024-29833
The image upload component allows SVG files, and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature; however, once uploaded, the payload is also accessible to unauthenticated users.
• https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin
• https://wordpress.org/plugins/photo-gallery/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29809 – WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_url
https://notcve.org/view.php?id=CVE-2024-29809
The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within existing JavaScript in the response, allowing arbitrary JavaScript to be inserted and executed. The attacker must target an authenticated user with permissions to access this component to exploit this issue.
• https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin
• https://wordpress.org/plugins/photo-gallery/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29832 – WordPress Photo Gallery Plugin <= 1.8.21 Unauthenticated Reflected Cross Site Scripting in GalleryBox current_url
https://notcve.org/view.php?id=CVE-2024-29832
The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within existing JavaScript in the response, allowing arbitrary JavaScript to be inserted and executed. No authentication is required to exploit this issue. Note that other parameters within the AJAX call, such as image_id, must be valid for this vulnerability to be successfully exploited.
• https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin
• https://wordpress.org/plugins/photo-gallery/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29810 – WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg thumb_url
https://notcve.org/view.php?id=CVE-2024-29810
The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within existing JavaScript in the response, allowing arbitrary JavaScript to be inserted and executed. The attacker must target an authenticated user with permissions to access this component to exploit this issue.
• https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin
• https://wordpress.org/plugins/photo-gallery/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-29808 – WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_id
https://notcve.org/view.php?id=CVE-2024-29808
The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within existing JavaScript in the response, allowing arbitrary JavaScript to be inserted and executed. The attacker must target an authenticated user with permissions to access this component to exploit this issue.
• https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin
• https://wordpress.org/plugins/photo-gallery/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')