CVE-2024-29833

WordPress Photo Gallery Plugin <= 1.8.21 Stored Cross Site Scripting in UploadHandler

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users.

El componente de carga de imágenes permite archivos SVG y la expresión regular utilizada para eliminar etiquetas de script se puede omitir mediante el uso de un payload de Cross Site Scripting que no coincide con la expresión regular; un ejemplo de esto es la inclusión de espacios en blanco dentro de la etiqueta del script. Un atacante debe apuntar a un usuario autenticado con permisos para acceder a esta función; sin embargo, una vez cargada, el payload también es accesible para usuarios no autenticados.

*Credits: AppCheck Ltd.

CVSS Scores

AppCheck Ltd.v3.1 5.4

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

Poc

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-20 CVE Reserved
2024-03-26 CVE Published
2024-03-27 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

CAPEC-63: Cross-Site Scripting (XSS)

References (2)

URL	Tag	Source
https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin
https://wordpress.org/plugins/photo-gallery/#developers

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
10Web Search vendor "10Web"		PhotoGallery Search vendor "10Web" for product "PhotoGallery"				>= 1.0.1 <= 1.8.21 Search vendor "10Web" for product "PhotoGallery" and version " >= 1.0.1 <= 1.8.21"		en		Affected