CVE-2024-5968
Photo Gallery by 10Web <= 1.8.27 - Admin+ Stored XSSThe Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
We have discovered 37,676 live websites that are affected by CVE-2024-5968.
Affected Software
| Product |  Photo Gallery by 10Web |
| Category | Wordpress Plugins |
| Vulnerable Domains | 37,676 live websites (39% of Photo Gallery by 10Web install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 330 versions ( 57% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Oct 9, 2024
- Updated - Nov 5, 2024
Credits
- Dmitrii Ignatyev (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-5968 United States | 6,943 websites |
 Germany | 4,406 websites |
 Italy | 2,528 websites |
 France | 2,069 websites |
 Russia | 2,026 websites |
 Poland | 2,023 websites |
 GB | 1,596 websites |
 Netherlands | 1,101 websites |
 Czech Republic | 1,080 websites |
 Japan | 935 websites |
Website Distribution by TLD
Number of websites using CVE-2024-5968| .com | 12,230 websites |
| .de | 2,545 websites |
| .org | 1,908 websites |
| .it | 1,716 websites |
| .ru | 1,650 websites |
| .pl | 1,526 websites |
| .nl | 983 websites |
| .cz | 941 websites |
| .co.uk | 922 websites |
| .net | 800 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-5968
Top websites that are affected by CVE-2024-5968. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.*********.com |  India | *,*** | |
| *********.kz |  Kazakhstan | **,*** | |
| ******.name | France | **,*** | |
| *******.**.il |  Israel | **,*** | |
| ***********.org | United States | **,*** | |
| ***.info | United States | **,*** | |
| **********.***.ua |  Ukraine | **,*** | |
| **********.**.uk | GB | **,*** | |
| ********.cz | Czech Republic | **,*** | |
| ***.***.ph |  Philippines | **,*** |
FAQ
CVE-2024-5968 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Photo Gallery by 10Web
A total of 37,676 websites have been identified as vulnerable to CVE-2024-5968, based on global website indexing conducted by WebTechSurvey.
The Photo Gallery by 10Web is affected by the CVE-2024-5968 vulnerability.
Photo Gallery by 10Web versions up to 1.8.28 are vulnerable to CVE-2024-5968.
CVE-2024-5968 is resolved in version 1.8.28 of Photo Gallery by 10Web.