CVE-2021-24293

Summary

In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript.

Affected Software

VendorProductVersion RangeStatus
UnknownNextGen Gallery Pro3.1.11 < 3.1.11affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References