CVE-2025-0613
📋 TL;DR
The Photo Gallery by 10Web WordPress plugin before version 1.8.34 contains a stored cross-site scripting (XSS) vulnerability. Unauthenticated attackers can inject malicious scripts into image comments, which execute when other users view those comments. This affects all WordPress sites using vulnerable versions of this plugin.
💻 Affected Systems
- Photo Gallery by 10Web WordPress plugin
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, take over WordPress admin accounts, deface websites, or redirect users to malicious sites, potentially leading to complete site compromise.
Likely Case
Attackers will typically inject scripts to steal user session cookies or credentials, potentially compromising user accounts and performing actions on their behalf.
If Mitigated
With proper input validation and output escaping, malicious scripts would be neutralized before execution, preventing any impact.
🎯 Exploit Status
Stored XSS vulnerabilities are commonly exploited. The unauthenticated nature makes this particularly attractive to attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.8.34
Vendor Advisory: https://wpscan.com/vulnerability/22be2b44-cd42-4b02-8448-59dd2989dde1/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Photo Gallery by 10Web'.
4. Click 'Update Now' if available, or download version 1.8.34+ from the WordPress repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable comment functionality
Temporarily disable image comments in the plugin settings to prevent exploitation
Disable plugin
Deactivate the Photo Gallery plugin until patched
wp plugin deactivate photo-gallery
🧯 If You Can't Patch
- Implement a web application firewall (WAF) with XSS protection rules
- Restrict access to the WordPress admin area to trusted IP addresses only
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Photo Gallery by 10Web → Version. If version is below 1.8.34, you are vulnerable.
Check Version:
wp plugin get photo-gallery --field=version
Verify Fix Applied:
After updating, verify the plugin version shows 1.8.34 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual comment submissions containing script tags or JavaScript code
- Multiple comment attempts from single IP addresses
Network Indicators:
- HTTP POST requests to comment submission endpoints with suspicious payloads
SIEM Query:
source="wordpress.log" AND "POST /wp-admin/admin-ajax.php" AND "action=bwg_frontend_data" AND ("<script>" OR "javascript:")
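As an added example that is not part of this advisory, the logic of the SIEM query above applied to constructed access-log lines in Python: it flags POSTs to the plugin's admin-ajax action whose decoded parameters carry a script tag or javascript: URI, then counts repeated hits per source IP. The log lines, the parameter names (task, comment) and the assumption that the log records the submitted parameters are constructed for the example, not taken from the plugin.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample log lines (not from the original page). Assumes a WAF or
# access log that records the submitted comment parameters in the request line;
# the parameter names (task, comment) are placeholders, not the plugin's own.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=bwg_frontend_data&gallery_id=3 HTTP/1.1" 200 5120
198.51.100.7 - - [10/Jan/2025:10:00:05 +0000] "POST /wp-admin/admin-ajax.php?action=bwg_frontend_data&task=comment&comment=%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 310
198.51.100.7 - - [10/Jan/2025:10:00:09 +0000] "POST /wp-admin/admin-ajax.php?action=bwg_frontend_data&task=comment&comment=%3Ca%20href=javascript:x%3Ey%3C/a%3E HTTP/1.1" 200 310
192.0.2.9 - - [10/Jan/2025:10:00:12 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 80
"""

# Common log format: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# The markers named in the advisory's SIEM query, matched case-insensitively.
XSS_MARKERS = re.compile(r'<script|javascript:', re.IGNORECASE)


def suspicious_comment_posts(log_text):
    """Return (ip, decoded_path) for POSTs to the plugin's admin-ajax action
    whose parameters contain a script tag or javascript: URI."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m['method'] != 'POST':
            continue  # the SIEM query keys on POST submissions only
        if not m['path'].startswith('/wp-admin/admin-ajax.php'):
            continue
        # Decode once so %3Cscript%3E is seen as <script>; a payload that is
        # double-encoded or split across parameters would still slip past this.
        decoded = unquote_plus(m['path'])
        if 'action=bwg_frontend_data' not in decoded:
            continue
        if XSS_MARKERS.search(decoded):
            hits.append((m['ip'], decoded))
    return hits


def repeat_offenders(hits, threshold=2):
    """Second indicator from the advisory: the same IP posting several
    flagged comments. Returns {ip: count} for IPs at or above threshold."""
    counts = Counter(ip for ip, _ in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

The GET request with the same action and the unrelated heartbeat POST are not flagged, so ordinary gallery traffic does not trigger the rule.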