CVE-2021-24291: XSS
First published: Fri May 14 2021(Updated: )
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 10web Photo Gallery | <1.5.69 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-24291?
CVE-2021-24291 is a vulnerability in the Photo Gallery by 10Web WordPress plugin that allows for Reflected Cross-Site Scripting (XSS) attacks.
How severe is CVE-2021-24291?
CVE-2021-24291 has a severity rating of medium (6.1).
What is the affected software version of CVE-2021-24291?
The affected software version of CVE-2021-24291 is the Photo Gallery by 10Web plugin before version 1.5.69.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-24291?
The Common Weakness Enumeration (CWE) ID for CVE-2021-24291 is CWE-79.
How can I fix CVE-2021-24291?
To fix CVE-2021-24291, update the Photo Gallery by 10Web plugin to version 1.5.69 or later.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- vendor/10web
- canonical/10web photo gallery