3 matches found
CVE-2022-2597
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts...
CVE-2022-2597
creationtimestamp| type| source ---|---|--- 2022-09-05 16:12:08+00:00| seen| https://t.me/cibsecurity/49283...
CVE-2022-2597
The WordPress plugin Visual Portfolio, Photo Gallery & Post Grid (version before 2.19.0) has missing authorization checks on some REST endpoints. This allows users with a low-privilege role (as low as contributor) to call these endpoints and inject arbitrary CSS into saved layouts. Affected: Visu...