CVE-2021-24293

CVE-2021-24293: NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)

Vendor Unknown

Product NextGen Gallery Pro

Weakness CWE-79 · XSS

Published May 5, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript.

Key dates

02Disclosure timeline

May 5, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24293 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-44060 WordPress filmix theme <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-30623 WordPress wA11y – The Web Accessibility Toolbox plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability CVE-2026-32411 WordPress Embed Calendly plugin <= 4.4 - Cross Site Scripting (XSS) vulnerability CVE-2025-11147 Reflected Cross-site scripting (XSS) vulnerability in Apt-Cacher-NG CVE-2025-22341 WordPress Hide Login+ plugin <= 3.5.1 - Reflected Cross Site Scripting (XSS) vulnerability