2 matches found
CVE-2025-11866 Photographers galleries <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...
CVE-2025-11866
The CVE-2025-11866 entry concerns the WordPress Photographers galleries plugin (versions