CVE-2021-24291

CVE-2021-24291: Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)

Vendor Photo Gallery Team
Product Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Weakness CWE-79 · XSS
Published May 14, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)

Key dates

02Disclosure timeline

May 14, 2021 CVE published
August 3, 2024 Record updated