3 matches found
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting vulnerability
Authenticated Author+ Stored Cross-Site Scripting via 'Custom Scripts' Setting vulnerability discovered by WordFence in WordPress Plugin Image Photo Gallery Final Tiles Grid versions = 3.6.8...
EUVD-2025-204660
The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom scripts' setting in all versions up to, and including, 3.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13693 Image Photo Gallery Final Tiles Grid <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting
The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom scripts' setting in all versions up to, and including, 3.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...