The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/6b71eb38-0a4a-49d1-96bc-84bbe675be1e | Exploit Third Party Advisory |
Configurations
History
26 Oct 2022, 19:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:rich-web:image_gallery:*:*:*:*:*:wordpress:*:* | |
First Time |
Rich-web
Rich-web image Gallery |
15 Aug 2022, 11:16
Type | Values Removed | Values Added |
---|---|---|
Summary | The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
07 Jul 2022, 15:17
Type | Values Removed | Values Added |
---|---|---|
First Time |
Image Gallery - Grid Gallery Project
Image Gallery - Grid Gallery Project image Gallery - Grid Gallery |
|
CPE | cpe:2.3:a:image_gallery_-_grid_gallery_project:image_gallery_-_grid_gallery:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 4.8 |
References | (MISC) https://wpscan.com/vulnerability/6b71eb38-0a4a-49d1-96bc-84bbe675be1e - Exploit, Third Party Advisory |
27 Jun 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-27 09:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-1327
Mitre link : CVE-2022-1327
CVE.ORG link : CVE-2022-1327
JSON object : View
Products Affected
rich-web
- image_gallery
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')