CVE-2024-29810
WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg thumb_urlThe thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.
We have discovered 44,335 live websites that are affected by CVE-2024-29810.
Affected Software
| Product |  Photo Gallery by 10Web |
| Category | Wordpress Plugins |
| Vulnerable Domains | 44,335 live websites (42.24% of Photo Gallery by 10Web install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 329 versions ( 53.50% of all versions) |
Details
- Published - Mar 26, 2024
- Updated - Aug 2, 2024
Credits
- AppCheck Ltd. (finder)
CVE References
CVE-2024-29810 usage by Country
 United States | 11,618 websites |
 Germany | 5,520 websites |
 France | 2,589 websites |
 Poland | 2,345 websites |
 Russia | 2,267 websites |
 GB | 1,606 websites |
 Italy | 1,257 websites |
 Netherlands | 1,236 websites |
 Japan | 984 websites |
 Hungary | 780 websites |
CVE-2024-29810 usage by TLD
| .com | 15,881 websites |
| .de | 2,904 websites |
| .org | 2,288 websites |
| .ru | 1,881 websites |
| .pl | 1,835 websites |
| .nl | 1,154 websites |
| .co.uk | 1,034 websites |
| .it | 1,012 websites |
| .net | 924 websites |
| .fr | 880 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-29810
Top websites that are affected by CVE-2024-29810. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.kz |  Kazakhstan | **,*** | |
| ******.name | France | **,*** | |
| **********.**.uk | United States | **,*** | |
| ********.cz |  Czech Republic | **,*** | |
| ***.***.ph |  Philippines | **,*** | |
| ***.org | United States | **,*** | |
| ******************.org | United States | **,*** | |
| ****.***.pl | Poland | ***,*** | |
| **********.com | United States | ***,*** | |
| *****.edu | United States | ***,*** |
FAQ
A total of 44,335 websites have been identified as vulnerable to CVE-2024-29810, discovered through global website indexing conducted by WebTechSurvey.
Photo Gallery by 10Web is susceptible to CVE-2024-29810 vulnerability.
Photo Gallery by 10Web versions before, and including, 1.8.21 are vulnerable to CVE-2024-29810.