CVE-2022-0750

The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnailwidth, thumbnailheight, maximagewidth, and maximageheight parameters found in the /photoswipe-masonry.php file which allows authenticated attackers t...

EUVD-2025-33607

Malicious code in frontend-photoswipe npm...

Malicious code in frontend-photoswipe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e08a30dcf287f7992949bf9a4870c6201c42b3aa3b59e0966a677899b4bca376 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48281 Malicious code in frontend-photoswipe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e08a30dcf287f7992949bf9a4870c6201c42b3aa3b59e0966a677899b4bca376 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2019-18546

Malware in sbrugna...

EUVD-2022-15813

Malicious code in bioql PyPI...

CVE-2024-5570

The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

CVE-2024-5473

The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2019-9168

WooCommerce before 3.5.5 allows XSS via a Photoswipe caption...

WordPress Simple Photoswipe plugin <= 0.1 - Subscriber+ Arbitrary Settings Update vulnerability

Subscriber+ Arbitrary Settings Update vulnerability discovered by Felipe Caon in WordPress Plugin Simple Photoswipe versions = 0.1...

WordPress Simple Photoswipe Plugin <= 0.1 is vulnerable to Settings Change

Software Simple Photoswipe Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-5570 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 461ac97ab0b1 Credits Felipe Caon Required privilege...

CVE-2024-5570

The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

CVE-2024-5570 Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update

The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

CVE-2024-5570

CVE-2024-5570 affects the Simple Photoswipe WordPress plugin (version

WordPress plugin Simple Photoswipe security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-36578 · WordPress · Simple Photoswipe

Name of the Vulnerable Software and Affected Versions: Simple Photoswipe WordPress plugin version 0.1 Description: The issue concerns a lack of authorization checks when updating settings, potentially allowing any authenticated user to modify them. Recommendations: For Simple Photoswipe WordPress...

WordPress Simple Photoswipe plugin <= 0.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Felipe Caon in WordPress Plugin Simple Photoswipe versions = 0.1...

CVE-2024-5473

The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5473

The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5473

The CVE-2024-5473 entry concerns the WordPress plugin Simple Photoswipe (