CVE-2021-24291 Scanner

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin is a popular WordPress plugin used to display images on websites. This plugin allows users to create stunning responsive galleries, customize them to fit their website theme or brand, and easily manage their image collections. With its user-friendly interface and numerous functionalities, this plugin has gained widespread adoption among website owners looking to showcase their visual content.

However, recently a vulnerability, CVE-2021-24291, was detected in this plugin. This vulnerability is a Reflected Cross-Site Scripting (XSS) issue that occurs via the gallery_id, tag, album_id, and _id GET parameters that are passed to the bwg_frontend_data AJAX action. This vulnerability can allow attackers to inject malicious code into a website's HTML or JavaScript code, which can lead to a range of serious security issues.

When exploited, this vulnerability can cause significant harm to websites. Attackers can use XSS attacks to steal sensitive user information, modify site content, steal login credentials, and even spread malware. This can ultimately ruin a website's reputation and lead to financial losses.

Thanks to the pro features of the securityforeveryone.com platform, website owners can easily and quickly learn about vulnerabilities in their digital assets. This platform offers comprehensive vulnerability scanning and reporting, which can help website owners detect potential vulnerabilities early on and take action to prevent them from being exploited. With securityforeveryone.com, website owners can protect their assets and keep their business safe from cyber threats.

REFERENCES

• https://packetstormsecurity.com/files/162227/
• https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a