The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Metrics
Affected Vendors & Products
References
History
Fri, 29 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Photo Gallery By 10web Wordpress
Photo Gallery By 10web Wordpress photo Gallery By 10web Wordpress |
|
CPEs | cpe:2.3:a:photo_gallery_by_10web_wordpress:photo_gallery_by_10web_wordpress:*:*:*:*:*:*:*:* | |
Vendors & Products |
Photo Gallery By 10web Wordpress
Photo Gallery By 10web Wordpress photo Gallery By 10web Wordpress |
|
Metrics |
cvssV3_1
|
Fri, 29 Nov 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |
Title | Photo Gallery by 10Web < 1.8.31 - Admin+ Stored XSS | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-11-29T06:00:07.129Z
Updated: 2024-11-29T14:51:23.442Z
Reserved: 2024-11-01T17:49:46.621Z
Link: CVE-2024-10704
Vulnrichment
Updated: 2024-11-29T14:51:00.702Z
NVD
Status : Awaiting Analysis
Published: 2024-11-29T06:15:06.423
Modified: 2024-11-29T15:15:15.777
Link: CVE-2024-10704
Redhat
No data.