The security of WordPress plugins is crucial for website integrity, as vulnerabilities can expose sites to attacks that compromise data and user trust. One such critical issue has been identified in the Photo Gallery, Images, Slider in Rbs Image Gallery plugin, affecting versions below 3.2.24. This vulnerability, CVE-2024-13384, allows attackers to exploit a Stored Cross-Site Scripting (XSS) vulnerability, leading to JavaScript backdoor creation. This article provides an in-depth analysis of the discovery, exploitation, and potential risks, along with recommendations to mitigate this issue.

CVE: CVE-2024-13384
Plugin: Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.24
Criticality: High
All time: 2 110 005
Active installations: 50 000+
Publicly published: March 20, 2025
Last updated: March 20, 2025
Researcher: Artyom Krugov
OWASP Top 10: A7: Cross-Site Scripting (XSS)
PoC: Yes
Exploit: No
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13384
https://wpscan.com/vulnerability/f65d8a83-6ce8-40be-8633-deffd555c349/

Timeline

December 11, 2024 – Plugin testing and vulnerability detection in the Photo Gallery, Images, Slider in Rbs Image Gallery have been completed
December 11, 2024 – I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
March 20, 2025 – Registered CVE-2024-13384

Discovery of the Vulnerability

During a security audit of WordPress plugins, researchers identified a flaw in the Rbs Image Gallery plugin. The vulnerability resides in the rsg_galleryImages parameter within the Manage Galleries feature, where improperly sanitized input can lead to persistent script execution. The issue enables attackers to inject malicious JavaScript code, which executes whenever an administrator or user interacts with the infected gallery.

A proof-of-concept (PoC) payload demonstrating this issue is:

By injecting this payload, attackers can trigger script execution in the context of the affected site.

Understanding Stored XSS Attacks

Stored Cross-Site Scripting (XSS) is a vulnerability where malicious scripts are injected into a web application and stored permanently. Unlike Reflected XSS, which requires user interaction via crafted URLs, Stored XSS persists in the database, posing a continuous threat to site users and administrators.

Real Examples of Stored XSS in WordPress

  1. Comment Sections – Attackers inject scripts in comment fields that execute when administrators moderate comments.
  2. Plugin Settings Panels – Improperly sanitized input in plugin settings allows malicious scripts to execute when viewed.
  3. Profile Customization – Fields like “Bio” or “Custom CSS” in themes may be vulnerable if inputs aren’t sanitized.
  4. Image Galleries – As seen in CVE-2024-13384, malicious scripts can be stored within image metadata or gallery configurations.

Exploiting the XSS Vulnerability

Exploiting this vulnerability follows a simple yet effective process:

POC:

1) Access the Robo Gallery Plugin – Navigate to the WordPress dashboard.
2) Create a New Gallery – Under the “Manage Galleries” tab, add a new gallery.
3) Intercept the Request – Use a proxy tool such as Burp Suite to capture the request when saving the gallery.
4) Modify the rsg_galleryImages Parameter – Inject the XSS payload into this parameter.
5) Save and Trigger Execution – Once stored, the payload executes when an administrator or user views the gallery.
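From the defender's side, the same weakness means that any gallery data already in the database may carry injected markup. The following stand-alone PHP script is an added example (not the plugin's or the researcher's code) that audits an export of gallery records for active content in text fields. The JSON layout and the three records are constructed sample data; the real plugin's storage format for rsg_galleryImages may differ, so the field names here are assumptions.

```php
<?php
/**
 * Added example (not the plugin's own code): offline audit of exported
 * gallery records for markup that has no business in image titles,
 * descriptions or links. The export layout below is hypothetical.
 */

// Constructed sample: three gallery records as an export might contain them.
const SAMPLE_GALLERY_EXPORT = <<<'JSON'
[
  {"gallery_id": 12, "images": [
    {"id": 101, "title": "Sunset over the bay", "description": "Taken in <em>June</em>"}
  ]},
  {"gallery_id": 13, "images": [
    {"id": 102, "title": "Team photo", "description": "<img src=x onerror=\"alert(1)\">"}
  ]},
  {"gallery_id": 14, "images": [
    {"id": 103, "title": "<script>alert(1)</script>", "description": "", "link": "javascript:void(0)"}
  ]}
]
JSON;

/**
 * Patterns that indicate active content inside a text field. Kept simple
 * and case-insensitive; a hit means "review this record", not proof of
 * compromise.
 */
function gallery_xss_indicators(): array {
    return array(
        'script_tag'    => '/<\s*script\b/i',
        'event_handler' => '/\bon[a-z]+\s*=/i',
        'js_scheme'     => '/\bjavascript\s*:/i',
        'iframe_or_obj' => '/<\s*(iframe|object|embed)\b/i',
    );
}

/**
 * Return one finding per (gallery, image, field, indicator) combination.
 */
function scan_gallery_export( string $json ): array {
    $galleries = json_decode( $json, true );
    if ( ! is_array( $galleries ) ) {
        throw new InvalidArgumentException( 'export is not valid JSON' );
    }
    $findings = array();
    foreach ( $galleries as $gallery ) {
        foreach ( $gallery['images'] ?? array() as $image ) {
            foreach ( $image as $field => $value ) {
                if ( ! is_string( $value ) ) {
                    continue; // numeric ids cannot carry markup
                }
                foreach ( gallery_xss_indicators() as $name => $pattern ) {
                    if ( preg_match( $pattern, $value ) ) {
                        $findings[] = array(
                            'gallery_id' => $gallery['gallery_id'],
                            'image_id'   => $image['id'],
                            'field'      => $field,
                            'indicator'  => $name,
                        );
                    }
                }
            }
        }
    }
    return $findings;
}

// Usage: php audit.php  -> one line per finding (gallery 12 produces none).
foreach ( scan_gallery_export( SAMPLE_GALLERY_EXPORT ) as $f ) {
    printf( "gallery %d image %d field=%s indicator=%s\n",
        $f['gallery_id'], $f['image_id'], $f['field'], $f['indicator'] );
}
```

On the sample data the script flags gallery 13 (event handler in the description) and gallery 14 (script tag in the title and a javascript: link), while the harmless `<em>` in gallery 12 passes. In a real audit you would feed it a dump of the plugin's stored gallery meta and treat each hit as a record to inspect and clean.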


Recommendations for Improved Security

To mitigate the risks posed by CVE-2024-13384, administrators should immediately update the Rbs Image Gallery plugin to version 3.2.24 or later. Additionally, administrators should ensure that all user input fields, especially those used for gallery configurations, are properly sanitized and validated. Implementing a Content Security Policy (CSP) can help limit the impact of XSS attacks by restricting the sources from which scripts can be executed. Site administrators should also restrict the permissions of unauthenticated users and regularly review user roles to prevent privilege escalation. Limiting the use of JavaScript in input fields and using sanitization functions such as wp_kses() can prevent malicious input from being executed. The vendor applied these prevention methods to fix the issue.
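The following PHP is an added example, not the plugin's own code, showing what the sanitization advice above looks like in a gallery save handler: the unsafe pattern that stores the decoded parameter as-is next to a hardened version that whitelists fields, sanitizes each with the matching WordPress core function (sanitize_text_field, wp_kses, esc_url_raw), checks capability and nonce, and escapes again on output. It assumes WordPress is loaded; the function names, the meta key and the nonce action are hypothetical.

```php
<?php
/**
 * Added example (not the plugin's own code). Assumes WordPress is loaded
 * so that the core sanitization, escaping and post-meta APIs exist.
 * Hypothetical meta key; the real plugin uses its own storage.
 */
const EXAMPLE_GALLERY_META_KEY = '_example_gallery_images';

/**
 * Vulnerable pattern: the raw parameter is decoded and stored unchanged.
 * A <script> tag or an event-handler attribute inside a title or
 * description field reaches the database and later every viewer.
 */
function example_save_gallery_images_vulnerable( int $gallery_id, string $raw_param ): void {
    $images = json_decode( stripslashes( $raw_param ), true );
    update_post_meta( $gallery_id, EXAMPLE_GALLERY_META_KEY, $images );
}

/**
 * Hardened pattern, per image: accept only known fields and sanitize each
 * one according to what it is allowed to contain.
 */
function example_sanitize_gallery_image( array $image ): ?array {
    // The image reference must be an integer attachment id.
    $attachment_id = isset( $image['id'] ) ? absint( $image['id'] ) : 0;
    if ( 0 === $attachment_id ) {
        return null;
    }
    return array(
        'id'          => $attachment_id,
        // Plain text only: all tags are stripped.
        'title'       => sanitize_text_field( $image['title'] ?? '' ),
        // Limited markup: wp_kses() keeps only the listed tags/attributes,
        // so <script>, <img onerror=...> and similar are dropped.
        'description' => wp_kses(
            $image['description'] ?? '',
            array(
                'a'      => array( 'href' => true, 'title' => true ),
                'em'     => array(),
                'strong' => array(),
            )
        ),
        // esc_url_raw() rejects javascript: and other disallowed schemes.
        'link'        => esc_url_raw( $image['link'] ?? '' ),
    );
}

function example_save_gallery_images_hardened( int $gallery_id, string $raw_param ): bool {
    // Authorization first: only users who may edit this gallery post.
    if ( ! current_user_can( 'edit_post', $gallery_id ) ) {
        return false;
    }
    // Hypothetical nonce action name; check_admin_referer() dies on failure.
    check_admin_referer( 'example_save_gallery_' . $gallery_id );

    $decoded = json_decode( stripslashes( $raw_param ), true );
    if ( ! is_array( $decoded ) ) {
        return false;
    }
    $clean = array();
    foreach ( $decoded as $image ) {
        $sanitized = is_array( $image ) ? example_sanitize_gallery_image( $image ) : null;
        if ( null !== $sanitized ) {
            $clean[] = $sanitized;
        }
    }
    update_post_meta( $gallery_id, EXAMPLE_GALLERY_META_KEY, $clean );
    return true;
}

/**
 * Output side: escape on render too, so a value that reached the database
 * before the fix still cannot execute in the admin or front-end view.
 */
function example_render_gallery_images( int $gallery_id ): string {
    $images = get_post_meta( $gallery_id, EXAMPLE_GALLERY_META_KEY, true );
    if ( ! is_array( $images ) ) {
        return '';
    }
    $html = '';
    foreach ( $images as $image ) {
        $src   = wp_get_attachment_image_url( (int) $image['id'], 'medium' );
        $html .= sprintf(
            '<figure><img src="%s" alt="%s"><figcaption>%s</figcaption></figure>',
            esc_url( $src ),
            esc_attr( $image['title'] ),
            wp_kses_post( $image['description'] )
        );
    }
    return $html;
}
```

Input sanitization and output escaping are deliberately both present: the first keeps bad data out, the second limits the damage if some slips through another path. A Content-Security-Policy header sent from the send_headers action (for example one that disallows inline scripts) adds a third layer on top of both.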

By taking proactive measures to address Stored XSS vulnerabilities like CVE-2024-13384, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.


Artyom k.
CVE-2024-13384 – Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.24 – Stored XSS to JS Backdoor Creation – POC
