21 Oct 2022

Wordfence Claimed That 300,000+ WordPress Sites Contained a “Critical” Security Vulnerability, It Wasn’t True

On Monday, a report was posted on Packet Storm claiming that the latest version of the WordPress plugin Photo Gallery by 10Web, 1.8.0, had a reflected cross-site scripting (XSS) vulnerability. That type of vulnerability isn’t a major issue and isn’t something that would be expected to be exploited on a wide scale, if exploited at all. The plugin does have 300,000+ active installations according to WordPress, so there still could be a lot of websites that would be impacted. That would be the case if there was a vulnerability, but there wasn’t.

It shouldn’t be hard to tell this is a false report. [Read more]

13 Sep 2019

Not Really a WordPress Plugin Vulnerability, Week of September 13

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in the plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For the more problematic reports we release posts detailing why the vulnerability reports are false, but there have been a lot of reports that we haven’t felt rose to that level. In particular, there are items that are not outright false; the issue is just probably more accurately described as a bug. For those that don’t rise to the level of getting their own post, we now place them in a weekly post when we come across them.

Cross-Site Scripting in Sell Downloads

The report of a claimed cross-site scripting vulnerability in the plugin Sell Downloads doesn’t make sense, since if you follow the proof of concept steps provided, the third one can’t be done. Working around that, we found that the report was false, as the reporter didn’t understand that users with the unfiltered_html capability are allowed to place the equivalent of cross-site scripting (XSS) into comments on posts, which is what they were claiming is a vulnerability. So there isn’t an issue here, and even if you considered that an issue, it would be with WordPress, not the plugin. [Read more]

14 May 2019

Authenticated Local File Inclusion (LFI) Vulnerability in Photo Gallery by 10Web

Earlier today we detailed a vulnerability for our customers in a plugin by 10Web/TenWeb/Web-Dorado, where, while the vulnerability was fixed, the code still wasn’t properly secured. So that made what we then found while looking into the possibility that a vulnerability had also been fixed in their Photo Gallery (Photo Gallery by 10Web) plugin not all that surprising. While trying to confirm that an authenticated persistent cross-site scripting (XSS) vulnerability had been fixed in the plugin, we got an error message indicating there was, and we then confirmed there still is, an authenticated local file inclusion (LFI) vulnerability in the plugin. It really isn’t a great sign as to the security of WordPress plugins that you can accidentally run into a vulnerability in a plugin with 300,000+ installs (according to wordpress.org).

The error message indicated that user input from a shortcode generated through the plugin was being passed into the following line of code in the file /frontend/controllers/controller.php through the variable $view: [Read more]

14 May 2019

Vulnerability Details: Authenticated Persistent Cross-Site Scripting (XSS) in Photo Gallery by 10Web

One of the changelog entries for a new version of the plugin Photo Gallery (Photo Gallery by 10Web) released yesterday is “Fixed: Authenticated stored XSS.” Looking at the changes made in that version, it appears that refers to a change made in the plugin’s shortcode functionality. In testing this out we found that previously, logged-in users could create new shortcodes for the plugin that included malicious JavaScript, so there was an authenticated persistent cross-site scripting (XSS) vulnerability.

[Read more]