Vendor: Filterable Portfolio Gallery
By: Murat DEMIRCI
CVSS: 9.8 (CRITICAL)
Type: Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: Filterable Portfolio Gallery
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE:
CPE: a:filterable-portfolio:filterable_portfolio_gallery:1.0
Metasploit:
Other Scripts:
Platforms Tested: Windows 10
2021

WordPress Plugin Filterable Portfolio Gallery 1.0 – ‘title’ Stored Cross-Site Scripting (XSS)

A stored Cross-Site Scripting (XSS) vulnerability exists in WordPress Plugin Filterable Portfolio Gallery 1.0, which allows an attacker to inject malicious JavaScript code into the 'title' field. An attacker can exploit this vulnerability by entering a malicious JavaScript payload into the 'title' field, saving and previewing it. The payload will be stored in the database and will be executed when the page is viewed.

Mitigation:

The vendor has released an update to address this vulnerability. Users should update to the latest version of the plugin.

Exploit-DB raw data:

# Exploit Title: WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting (XSS)
# Date: 10/25/2021
# Exploit Author: Murat DEMIRCI (@butterflyhunt3r)
# Vendor Homepage: http://www.filterable-portfolio.com/
# Software Link: https://wordpress.org/plugins/fg-gallery/
# Version: 1.0
# Tested on : Windows 10

#Poc:

1. Install Latest WordPress

2. Install and activate Filterable Portfolio Gallery 1.0

3. Open the plugin on the left frame and enter the JavaScript payload shown below into the 'title' field, then save and preview.

<img src=x onerror=alert(1)> 

4. You will observe that the payload was successfully stored in the database and an alert will be seen on the screen.
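
A defender-side check for the stored 'title' issue described above, as an added example that is not part of the original advisory or the plugin's code: it audits stored titles for values a browser would interpret as markup and shows the HTML-escaped form that displays them as text. The row layout, function names and sample rows are assumptions constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample rows (id, title); the table layout is an assumption.
SAMPLE_ROWS = [
    (1, "Summer portfolio"),
    (2, "<img src=x onerror=alert(1)>"),        # PoC payload quoted on this page
    (3, "Tom & Jerry <3 design"),                # special characters, not markup
    (4, '<a href="JavaScript:void(0)">x</a>'),
    (5, "<b>Bold title</b>"),
]

class TitleScanner(HTMLParser):
    """Records why a browser would treat a stored title as markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.reasons = []

    def handle_starttag(self, tag, attrs):
        self.reasons.append(f"tag <{tag}>")
        for name, value in attrs:
            if name.startswith("on"):
                self.reasons.append(f"event handler {name}")
            elif (value or "").strip().lower().startswith("javascript:"):
                self.reasons.append(f"javascript: URL in {name}")

def scan_title(title):
    """Return the list of findings for one title (empty means plain text)."""
    scanner = TitleScanner()
    scanner.feed(title)
    scanner.close()
    # Fallback for tag openers the parser did not report (e.g. unterminated).
    if not scanner.reasons and re.search(r"<[a-zA-Z/!?]", title):
        scanner.reasons.append("unparsed markup")
    return scanner.reasons

def audit(rows):
    """Map row id -> findings for every title that is not plain text."""
    return {rid: found for rid, title in rows if (found := scan_title(title))}

def render_safe(title):
    """Escape a title for HTML output so stored markup displays as text."""
    return html.escape(title, quote=True)

if __name__ == "__main__":
    for rid, found in audit(SAMPLE_ROWS).items():
        print(rid, found, "->", render_safe(dict(SAMPLE_ROWS)[rid]))
```

Titles flagged by the audit are candidates for cleanup after updating the plugin, since values already stored in the database remain there until removed.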