Lucene search
K

4 matches found

Nuclei
Nuclei
added 15 hours ago12 views

WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting

The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the album's name before outputting it in pages or posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting XSS attacks even when the unfiltered-html capabilit...

4.8CVSS6AI score0.00854EPSS
Exploits2References3
NVD
NVD
added 2022/05/16 3:15 p.m.14 views

CVE-2022-0873

The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is...

4.8CVSS0.00854EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/05/16 2:30 p.m.15 views

CVE-2022-0873 Gmedia Photo Gallery < 1.20.0 - Admin+ Stored Cross-Site Scripting

The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is...

5.1AI score0.00854EPSS
Exploits2References1
CVE
CVE
added 2022/05/16 2:30 p.m.76 views

CVE-2022-0873

The CVE-2022-0873 entry concerns the WordPress Gmedia Photo Gallery plugin prior to 1.20.0. The connected Nuclei template confirms a Cross-Site Scripting (XSS) vulnerability caused by failure to sanitize/escape the album name when output in pages or posts with a media embed. This could allow high...

4.8CVSS4.7AI score0.00854EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder