3 matches found
CVE-2024-5970 MaxGalleria <= 6.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via maxgallery_thumb Shortcode
The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallerythumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-5970
CVE-2024-5970 applies to the MaxGalleria WordPress plugin. It is a Stored XSS vulnerability in the maxgallery_thumb shortcode, affecting all versions up to and including 6.4.4. The issue stems from insufficient input sanitization and output escaping on user-supplied attributes, allowing an attack...
CVE-2024-5970 MaxGalleria <= 6.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via maxgallery_thumb Shortcode
The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallerythumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...