CVE-2024-5570

The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

CVE-2024-5473

The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Simple Photoswipe plugin <= 0.1 - Subscriber+ Arbitrary Settings Update vulnerability

Subscriber+ Arbitrary Settings Update vulnerability discovered by Felipe Caon in WordPress Plugin Simple Photoswipe versions = 0.1...

WordPress Simple Photoswipe Plugin <= 0.1 is vulnerable to Settings Change

Software Simple Photoswipe Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-5570 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 461ac97ab0b1 Credits Felipe Caon Required privilege...

CVE-2024-5570 Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update

The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

WordPress plugin Simple Photoswipe security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-36578 · WordPress · Simple Photoswipe

Name of the Vulnerable Software and Affected Versions: Simple Photoswipe WordPress plugin version 0.1 Description: The issue concerns a lack of authorization checks when updating settings, potentially allowing any authenticated user to modify them. Recommendations: For Simple Photoswipe WordPress...

CVE-2024-5473

The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5473 Simple Photoswipe <= 0.1 - Admin+ Stored XSS

The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5473 Simple Photoswipe <= 0.1 - Admin+ Stored XSS

The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Simple Photoswipe Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Software Simple Photoswipe Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5473 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 09269b6846fc Credits Felipe Caon Required...

WordPress plugin Simple Photoswipe security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-36408 · WordPress · Simple Photoswipe

Name of the Vulnerable Software and Affected Versions: Simple Photoswipe WordPress plugin version 0.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape some ...