WordPress Infinite Photography theme <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via project_url Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via projecturl Parameter vulnerability discovered by Francesco Carlucci in WordPress Theme Infinite Photography versions = 1.1.2...

WordPress Infinite Photography Theme <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Infinite Photography Type Theme Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5796 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c79e4707b2de Credits Francesco Carlucci...