CVE-2025-13612

The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aigpl-gallery-album shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

WordPress plugin Album and Image Gallery plus Lightbox 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Album and Image Gallery plus Lightbox Plugin <= 1.6.2 is vulnerable to Broken Access Control

Software Album and Image Gallery plus Lightbox Type Plugin Vulnerable versions = 1.6.2 Fixed in 1.6.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25060 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID dd001a553b6f Credits Cat...

Uzbey: Album image XSS

There's an XSS in the album script caused by insufficient escaping of double quotes. PoC: https://staging.uzbey.com/album/image/679/1139%22%3E%3Ch1%3ESurprise!%3Cimg%20src=0%20onerror=%22alertdocument.domain%22%3E...