First published: Fri May 14 2021
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users).
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
10web Photo Gallery | <1.5.69 | |
CVE-2021-24291 is a vulnerability in the Photo Gallery by 10Web WordPress plugin that allows for Reflected Cross-Site Scripting (XSS) attacks.
CVE-2021-24291 has a severity rating of medium (6.1).
CVE-2021-24291 affects versions of the Photo Gallery by 10Web plugin before 1.5.69.
The Common Weakness Enumeration (CWE) ID for CVE-2021-24291 is CWE-79.
To fix CVE-2021-24291, update the Photo Gallery by 10Web plugin to version 1.5.69 or later.
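
To check whether requests matching the description above have reached a site, the following added example (not from the advisory or the plugin) scans web-server access logs for bwg_frontend_data requests whose gallery_id, tag, album_id or _id values contain HTML markup characters. The combined log format, the markup-character heuristic and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory names as reflected by the bwg_frontend_data action.
REFLECTED_PARAMS = ("gallery_id", "tag", "album_id", "_id")
# Assumed heuristic: characters needed to break out of HTML or attribute
# context. This is not the plugin's own filter.
MARKUP = re.compile(r"[<>\"'`]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, harmless markup).
SAMPLE_LOG = [
    '203.0.113.5 - - [14/May/2021:10:00:00 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=bwg_frontend_data&gallery_id=3&tag=0 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/May/2021:10:00:05 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=bwg_frontend_data&gallery_id=1%22%3E%3Cb%3E&album_id=2 HTTP/1.1" 200 5200',
    '198.51.100.7 - - [14/May/2021:10:00:09 +0000] "GET /?s=%3Cb%3E HTTP/1.1" 200 900',
]

def suspicious_params(url):
    """Return the advisory's parameters whose decoded value contains markup."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "bwg_frontend_data" not in query.get("action", []):
        return []  # not a request to the affected AJAX action
    return [p for p in REFLECTED_PARAMS
            if any(MARKUP.search(v) for v in query.get(p, []))]

def scan(lines):
    """Return (line_number, client_ip, params) for each flagged log line."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        hits = suspicious_params(match.group(1))
        if hits:
            findings.append((number, line.split(" ", 1)[0], hits))
    return findings

if __name__ == "__main__":
    for number, ip, params in scan(SAMPLE_LOG):
        print(f"line {number}: {ip} sent markup in {', '.join(params)}")
```

parse_qs decodes percent-encoding once, so doubly encoded values are not flagged; a hit indicates an attempt was logged, not that it succeeded.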