2 matches found
CVE-2022-1282
The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $GET'imageurl' variable, which is reflected back to the users when executing the editimagebwg AJAX action...
CVE-2022-1282
CVE-2022-1282 affects the WordPress plugin Photo Gallery by 10Web (before 1.6.3). The issue is a reflected XSS: $_GET['image_url'] is not sanitized and is echoed back in the editimage_bwg AJAX action. This can allow script execution via a crafted image_url payload. Remediation is upgrading to ver...