The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts
CPE | Name | Operator | Version |
---|---|---|---|
visual_portfolio\\,_photo_gallery_\\&_post_grid | lt | 2.19.0 |