CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24293

In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.4%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://wpscan.com/vulnerability/5e1a4725-3d20-44b0-8a35-bbf4263957f7
https://www.imagely.com/wordpress-gallery-plugin/nextgen-pro/changelog/
https://wpscan.com/vulnerability/5e1a4725-3d20-44b0-8a35-bbf4263957f7
https://www.imagely.com/wordpress-gallery-plugin/nextgen-pro/changelog/

Products affected by CVE-2021-24293

Imagely » Nextgen Gallery » Version: N/A

cpe:2.3:a:imagely:nextgen_gallery:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24293

Products

Pricing

Contact Us