CVE-2024-1664 Responsive Gallery Grid < 2.3.11 - Admin+ Stored XSS

2024-04-0905:00:01

WPScan

www.cve.org

responsive gallery grid

wordpress

stored xss

unfiltered html

multisite

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Responsive Gallery Grid",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.3.11"
      }
    ],
    "defaultStatus": "unaffected"
  }
]