WP Gallery Bank - Best Gallery Albums Plugin 2.0.26 - 3.0.69, Reflected XSS
The output of an un-sanitized QSA string allows injection of arbitrary content on the WordPress admin panel. Quotes are escaped with slashes before being output, so the attacker must take this in to account when generating a payload.
Update to version 3.0.70
Proof of Concept
If a user who has administrative access – and is already logged in – can be tricked into visiting a specifically crafted link, then arbitrary JS can be executed. The below example will trigger an alert box upon visiting the page.
- 2014-10-10: Discovered
- 2014-10-10: Reported to vendor
- 2014-10-11: Vendor responded, 3.0.70 released, issue resolved
- 2014-10-13: CVE requested
- 2014-10-14: CVE assigned
- 2014-10-18: Advisory released