cvelist / WPScan / CVELIST:CVE-2022-2543
Sep 05, 2022 - 12:35 p.m.

CVE-2022-2543 Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection

2022-09-05 12:35:20
CWE-862
WPScan
www.cve.org
cve-2022-2543, visual portfolio, unauthenticated, css, injection, rest endpoints, wordpress, plugin

EPSS: 0.001 (Low), percentile 41.1%

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS into arbitrary saved layouts.

CNA Affected

[
  {
    "product": "Visual Portfolio, Photo Gallery & Post Grid",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.18.0",
        "status": "affected",
        "version": "2.18.0",
        "versionType": "custom"
      }
    ]
  }
]
