CVE-2021-24529: Grid Gallery < 1.2.5 - Authenticated Stored Cross Site Scripting (XSS)
First published: Mon Aug 23 2021(Updated: )
The Grid Gallery – Photo Image Grid Gallery WordPress plugin before 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Awplife Grid Gallery | <1.2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-24529?
CVE-2021-24529 is a vulnerability in the Grid Gallery WordPress plugin that allows for authenticated Stored Cross-Site Scripting (XSS) attacks.
How does CVE-2021-24529 impact the Grid Gallery plugin?
CVE-2021-24529 allows an attacker to inject malicious code into the title field of image galleries when adding them via the admin dashboard, potentially leading to XSS attacks.
What is the severity of CVE-2021-24529?
CVE-2021-24529 has a severity rating of medium with a CVSS score of 5.4.
How can I fix CVE-2021-24529?
To fix CVE-2021-24529, update the Grid Gallery plugin to version 1.2.5 or higher, which includes proper sanitization of the title field.
Where can I find more information about CVE-2021-24529?
You can find more details about CVE-2021-24529 at the following reference: https://wpscan.com/vulnerability/8953d931-19f9-4b73-991c-9c48db1af8b5
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/awplife
- canonical/awplife grid gallery