First published: Sun Sep 08 2019(Updated: )
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
10web Photo Gallery | <1.5.35 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-16118 is a vulnerability that allows for cross-site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before version 1.5.35 for WordPress.
CVE-2019-16118 can be exploited to perform cross-site scripting attacks on WordPress websites that have the vulnerable version of the photo-gallery (10Web Photo Gallery) plugin installed.
The severity of CVE-2019-16118 is medium, with a severity score of 6.1.
To fix CVE-2019-16118, WordPress users should update the photo-gallery (10Web Photo Gallery) plugin to version 1.5.35 or later.
More information about CVE-2019-16118 can be found at the following references: [Reference 1](http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html), [Reference 2](https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Options.php?old=2142624&old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FOptions.php), [Reference 3](https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/js/bwg.js?old=2135029&old_path=photo-gallery%2Ftrunk%2Fjs%2Fbwg.js)