2 matches found
CVE-2023-3499
The CVE affects Robo Gallery (Rbs Image Gallery WordPress plugin) versions prior to 3.2.16. Root cause: some settings are not sanitized/escaped, enabling a stored XSS via admin actions even when unfiltered_html is disallowed ( multisite included). Impact: high-privilege users (e.g., admins) could...
CVE-2023-3499 Robo Gallery < 3.2.16 - Admin+ Stored XSS
The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...