CVE-2021-47929

MEDIUM

WordPress Plugin Filterable Portfolio Gallery 1.0 Stored XSS

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47929. PoCs published by Murat DEMİRCİ.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in the WordPress Filterable Portfolio Gallery plugin version 1.0. The attacker injects malicious JavaScript into the 'title' field, which is then stored in the database and executed when previewed.

Description

Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attackers can store JavaScript code like image tags with onerror handlers that execute when the gallery is previewed, affecting all users viewing the page.

Exploits (1)

exploitdb WORKING POC
by Murat DEMİRCİ · text · webapps · php
https://www.exploit-db.com/exploits/50458

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin Filterable Portfolio Gallery 1.0
Auth required
Prerequisites: WordPress installation · Filterable Portfolio Gallery plugin version 1.0 installed and activated · Access to plugin settings
devstral-2 · analyzed May 10, 2026

References (4)

Core References

Exploit: ExploitDB-50458
https://www.exploit-db.com/exploits/50458

Product: Official Product Homepage
http://www.filterable-portfolio.com/

Product: Product Reference
https://wordpress.org/plugins/fg-gallery/

Third Party Advisory: VulnCheck Advisory: WordPress Plugin Filterable Portfolio Gallery 1.0 Stored XSS
https://www.vulncheck.com/advisories/wordpress-plugin-filterable-portfolio-gallery-stored-xss

Scores

CVSS v3 6.4
EPSS 0.0019
EPSS Percentile 9.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
Filterable-Portfolio/Filterable Portfolio Gallery 1.0
Published May 10, 2026
Tracked Since May 10, 2026