CVE-2024-29833
WordPress Photo Gallery Plugin <= 1.8.21 Stored Cross Site Scripting in UploadHandlerThe image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users.
We have discovered 44,335 live websites that are affected by CVE-2024-29833.
Affected Software
| Product |  Photo Gallery by 10Web |
| Category | Wordpress Plugins |
| Vulnerable Domains | 44,335 live websites (42.24% of Photo Gallery by 10Web install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 329 versions ( 53.50% of all versions) |
Details
- Published - Mar 26, 2024
- Updated - Aug 2, 2024
Credits
- AppCheck Ltd. (finder)
CVE References
CVE-2024-29833 usage by Country
 United States | 11,618 websites |
 Germany | 5,520 websites |
 France | 2,589 websites |
 Poland | 2,345 websites |
 Russia | 2,267 websites |
 GB | 1,606 websites |
 Italy | 1,257 websites |
 Netherlands | 1,236 websites |
 Japan | 984 websites |
 Hungary | 780 websites |
CVE-2024-29833 usage by TLD
| .com | 15,881 websites |
| .de | 2,904 websites |
| .org | 2,288 websites |
| .ru | 1,881 websites |
| .pl | 1,835 websites |
| .nl | 1,154 websites |
| .co.uk | 1,034 websites |
| .it | 1,012 websites |
| .net | 924 websites |
| .fr | 880 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-29833
Top websites that are affected by CVE-2024-29833. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.kz |  Kazakhstan | **,*** | |
| ******.name | France | **,*** | |
| **********.**.uk | United States | **,*** | |
| ********.cz |  Czech Republic | **,*** | |
| ***.***.ph |  Philippines | **,*** | |
| ***.org | United States | **,*** | |
| ******************.org | United States | **,*** | |
| ****.***.pl | Poland | ***,*** | |
| **********.com | United States | ***,*** | |
| *****.edu | United States | ***,*** |
FAQ
A total of 44,335 websites have been identified as vulnerable to CVE-2024-29833, discovered through global website indexing conducted by WebTechSurvey.
Photo Gallery by 10Web is susceptible to CVE-2024-29833 vulnerability.
Photo Gallery by 10Web versions before, and including, 1.8.21 are vulnerable to CVE-2024-29833.