3 matches found
CVE-2022-0750
The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnailwidth, thumbnailheight, maximagewidth, and maximageheight parameters found in the /photoswipe-masonry.php file which allows authenticated attackers t...
CVE-2022-0750
The CVE-2022-0750 issue affects the WordPress Photoswipe Masonry Gallery plugin (versions up to 1.2.14). The root cause is insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters in photoswipe-masonry.php, enabling authenti...
WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting
On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Photoswipe Masonry Gallery”, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to injec...