CVE-2022-2597 Visual Portfolio < 2.19.0 - Contributor+ CSS Injection

2022-09-0512:35:21

CWE-863

WPScan

www.cve.org

wordpress

plugin

vulnerability

authorization

css injection

0.001 Low

EPSS

Percentile

24.8%

JSON

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts

CNA Affected

[
  {
    "product": "Visual Portfolio, Photo Gallery & Post Grid",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.19.0",
        "status": "affected",
        "version": "2.19.0",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/3ffcee7c-1e03-448c-8006-a9405658cdb7

0.001 Low

EPSS

Percentile

24.8%

JSON

Related for CVELIST:CVE-2022-2597