3 matches found
CVE-2022-37407
Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities in WPChill Gallery PhotoBlocks plugin = 1.2.6 at WordPress...
CVE-2022-37407 WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities in WPChill Gallery PhotoBlocks plugin = 1.2.6 at WordPress...
CVE-2022-37407
The CVE-2022-37407 entry concerns WPChill Gallery PhotoBlocks plugin for WordPress (versions prior to 1.2.7). The root cause is insufficient sanitisation/escaping of parameters, enabling Multiple Authenticated Stored Cross-Site Scripting (XSS) by low-privileged users. Impact is defined as authent...