10 matches found
CVE-2026-4300
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom |...| marker pattern in its fixJsFunction method to embed raw JavaScript function references within JSON-encoded...
WordPress Robo Gallery plugin <= 5.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting vulnerability
Authenticated Author+ Stored Cross-Site Scripting via 'Loading Label' Setting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Robo Gallery versions = 5.1.3...
EUVD-2026-20435
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom |...| marker pattern in its fixJsFunction method to embed raw JavaScript function references within JSON-encoded...
CVE-2026-4300
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom |...| marker pattern in its fixJsFunction method to embed raw JavaScript function references within JSON-encoded...
CVE-2026-4300
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom |...| marker pattern in its fixJsFunction method to embed raw JavaScript function references within JSON-encoded...
CVE-2026-4300 Robo Gallery <= 5.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom |...| marker pattern in its fixJsFunction method to embed raw JavaScript function references within JSON-encoded...
CVE-2026-4300
Robo Gallery for WordPress is affected up to version 5.1.3 with a Stored XSS in the Loading Label field (rbs_gallery_LoadingWord). The plugin uses a custom |... | marker in fixJsFunction() to embed raw JS within JSON; json_encode() preserves quotes, then fixJsFunction() strips the markers, turnin...
CVE-2026-4300 Robo Gallery <= 5.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom |...| marker pattern in its fixJsFunction method to embed raw JavaScript function references within JSON-encoded...
WordPress plugin Robo Gallery 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-31288
Name of the Vulnerable Software and Affected Versions Robo Gallery versions through 5.1.3 Description The Robo Gallery plugin for WordPress is susceptible to Stored Cross-Site Scripting via the 'Loading Label' setting. The plugin utilizes a custom |...| marker pattern within its fixJsFunction...