CVE-2022-0750

The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnailwidth, thumbnailheight, maximagewidth, and maximageheight parameters found in the /photoswipe-masonry.php file which allows authenticated attackers t...

PT-2022-13410 · WordPress · Photoswipe Masonry Gallery

Name of the Vulnerable Software and Affected Versions: Photoswipe Masonry Gallery WordPress plugin versions up to and including 1.2.14 Description: The issue arises from insufficient escaping and sanitization of the thumbnail width, thumbnail height, max image width, and max image height paramete...