First published: Mon Dec 06 2021(Updated: )
The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
10web Photo Gallery | <1.5.68 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2021-25041.
The severity level of CVE-2021-25041 is medium, with a CVSS score of 6.1.
The Photo Gallery by 10Web WordPress plugin before 1.5.68 is affected by CVE-2021-25041.
CVE-2021-25041 allows for Reflected Cross-Site Scripting (XSS) attacks.
To fix CVE-2021-25041, update the Photo Gallery by 10Web WordPress plugin to version 1.5.68 or later.