CVE-2024-29810 | 10Web PhotoGallery Plugin up to 1.8.21 on WordPress admin-ajax.php thumb_url cross site scripting

Inserito da Angelo Barbosa | Mar 26, 2024 | CVE

A vulnerability, which was classified as problematic, was found in 10Web PhotoGallery Plugin up to 1.8.21 on WordPress. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument thumb_url leads to cross site scripting.

This vulnerability is traded as CVE-2024-29810. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-29810 | 10Web PhotoGallery Plugin up to 1.8.21 on WordPress admin-ajax.php thumb_url cross site scripting

Post correlati

CVE-2024-41310 | AndServer 2.1.12 path traversal

CVE-2024-4362 | SiteOrigin Widgets Bundle Plugin up to 1.60.0 on WordPress Shortcode siteorigin_widget cross site scripting

CVE-2023-51488 | Automattic Crowdsignal Dashboard Plugin up to 3.0.11 on WordPress cross site scripting

CVE-2023-29134 | Cargo Extension up to 1.39.3 on MediaWiki Backticks Privilege Escalation