CVE-2021-25041Cross-site Scripting in Photo Gallery

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.1%
top 64.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
10web Photo Gallery
Timeline
PublishedDec 6
Latest updateDec 7

Description

The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVD10web/photo_gallery< 1.5.68

Patches

Patch: plugins.trac.wordpress.orgPatch: plugins.trac.wordpress.org

🔴Vulnerability Details

2
GHSA
GHSA-7x5v-x5hh-f8f3: The Photo Gallery by 10Web WordPress plugin before 12021-12-07
CVEList
Photo Gallery by 10Web < 1.5.68 - Reflected Cross-Site Scripting (XSS)2021-12-06
CVE-2021-25041 — Cross-site Scripting in Photo Gallery | cvebase