2 matches found
CVE-2022-1394
CVE-2022-1394 concerns the WordPress plugin Photo Gallery by 10Web. The affected software is the Photo Gallery plugin for WordPress, with vulnerable versions prior to 1.6.4. The root cause is improper validation and escaping of certain settings, which can allow Cross-Site Scripting (XSS) by high-...
CVE-2022-1394 Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...