CVE-2023-2708

🗓️ 16 May 2023 02:04:27Reported by WordfenceType

The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_term' parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. Possible for unauthenticated attackers to inject arbitrary web scripts

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2023-2708	16 May 202303:15	–	attackerkb
Circl	CVE-2023-2708	16 May 202307:30	–	circl
CNNVD	WordPress plugin Video Gallery 跨站脚本漏洞	16 May 202300:00	–	cnnvd
Cvelist	CVE-2023-2708 Video Gallery <= 1.0.10 - Reflected Cross-Site Scripting	16 May 202302:04	–	cvelist
EUVD	EUVD-2023-34172	3 Oct 202520:07	–	euvd
NVD	CVE-2023-2708	16 May 202303:15	–	nvd
OSV	CVE-2023-2708	16 May 202303:15	–	osv
Prion	Cross site scripting	16 May 202303:15	–	prion
RedhatCVE	CVE-2023-2708	23 May 202501:48	–	redhatcve
Vulnrichment	CVE-2023-2708 Video Gallery <= 1.0.10 - Reflected Cross-Site Scripting	16 May 202302:04	–	vulnrichment

NVD

Vulners

Node

i13websolution video_galleryRange<1.0.11wordpress

[
  {
    "vendor": "nik00726",
    "product": "Video Gallery",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.0.10",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.11/video-slider-with-thumbnails.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/8cfbad9f-61ba-4216-9078-c1e7e809899a
plugins	www.plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.10/video-slider-with-thumbnails.php
patchstack	www.patchstack.com/database/vulnerability/video-slider-with-thumbnails/wordpress-video-gallery-plugin-1-0-10-cross-site-scripting-xss-vulnerability

08 Apr 2026 18:18Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.16.1

EPSS0.01571

SSVC

CWE-79