First published: Wed Jun 07 2023(Updated: )
The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
10web Photo Gallery | <=1.5.69 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-46889 is a vulnerability in the 10Web Photo Gallery plugin for WordPress that allows XSS attacks through the theme_id parameter.
CVE-2021-46889 allows XSS attacks in the 10Web Photo Gallery plugin version 1.5.69 and prior versions.
CVE-2021-46889 has a severity rating of 6.1 (medium).
To fix CVE-2021-46889, it is recommended to update the 10Web Photo Gallery plugin to a version that is not affected by the vulnerability.
More information about CVE-2021-46889 can be found at the following reference link: [CVE-2021-46889 Reference](https://packetstormsecurity.com/files/162227/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html)