PT-2021-16398 · 10Web · The Photo Gallery

Thuramoemyint

Published

2021-12-06

Updated

2025-10-29

CVE-2021-25041

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web WordPress plugin versions prior to 1.5.68

Description: The issue is related to Reflected Cross-Site Scripting (XSS) via the bwg album breadcrumb 0 and shortcode id GET parameters passed to the bwg frontend data AJAX action.

Recommendations: For versions prior to 1.5.68, update to version 1.5.68 or later to resolve the issue. As a temporary workaround, consider restricting access to the bwg frontend data AJAX action to minimize the risk of exploitation. Avoid using the bwg album breadcrumb 0 and shortcode id parameters in the affected AJAX action until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-25041

Affected Products

The Photo Gallery

PT-2021-16398 · 10Web · The Photo Gallery

CVE-2021-25041

Weakness Enumeration

Related Identifiers

Affected Products

References · 7