Vulnerability Details: Authenticated Persistent Cross-Site Scripting (XSS) in MaxGalleria
The changelog for the latest version of the plugin MaxGalleria is “Added security enhancements”. Looking at the changes made in that version we saw that sanitization was added on some user input when editing images. By default users with the Author role and above can access the plugin’s functionality to edit images. With higher level users, they normally have the “unfiltered_html” capability, which permits them to do the equivalent of cross-site scripting (XSS), but Author level users they don’t. In checking on this we found that Author level users could previously place malicious JavaScript code in at least the Alternate Text and Link fields of images and that would then be output on admin pages, which would be an authenticated persistent cross-site scripting (XSS) vulnerability.
...
This post provides insights on a vulnerability in the WordPress plugin MaxGalleria not discovered by us, where the discoverer hadn't provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so the rest of its contents are limited to subscribers of our service.
If you were using our service, you would have already been warned about this vulnerability if your website is vulnerable due to it. You can try out our service for free and then see the rest of the details of the vulnerability.
For existing customers, please log in to your account to view the rest of the contents of the post.