Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.12 views

Awesome Support < 6.1.8 - Missing Authorization

Description The Awesome Support plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 6.1.7. This makes it possible for unauthenticated attackers to perform unauthorized actions...

9.8CVSS6.4AI score0.00402EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.24 views

Events Manager < 6.4.7 - Missing Authorization

Description The Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 6.4.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions...

8.8CVSS6.4AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.8 views

Layouts for Elementor < 1.8 - Missing Authorization to Unauthenticated Arbitrary File Upload

Description The Layouts for Elementor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the handleimport function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to upload arbitrary files that can be...

7.5CVSS7.2AI score0.00456EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.17 views

Mailster < 2.0.0 - Reflected Cross-Site Scripting

Description The Mailster plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00426EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.12 views

DELUCKS SEO < 2.5.5 - Missing Authorization

Description The DELUCKS SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the senduninstallreason function in versions up to, and including, 2.5.4. This makes it possible for unauthenticated attackers to send an uninstall reason to th...

9.8CVSS6.8AI score0.00402EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.14 views

Convert Post Types <= 1.4 - Reflected Cross-Site Scripting

Description The Convert Post Types plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

7.1CVSS6.5AI score0.00354EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.16 views

Hacklog Down As PDF <= 2.3.6 - Reflected Cross-Site Scripting

Description The Hacklog Down As PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.3AI score0.00354EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.16 views

B Slider - Slider for your block editor < 1.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The B Slider - Slider for your block editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

SellKit < 1.8.3 - Authenticated (Subscriber+) Arbitrary File Download

Description The SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 1.8.1. This is due to insufficient file validation in the handlefiledownload function. This mak...

6.5CVSS6.6AI score0.00623EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.18 views

Spiffy Calendar < 4.9.10 - Reflected Cross-Site Scripting

Description The Spiffy Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

7.1CVSS6.3AI score0.00414EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

collectchat < 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The collectchat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.8AI score0.0034EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.18 views

Contest Gallery < 21.3.6 - Reflected Cross-Site Scripting

Description The Contest Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 21.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.1CVSS6.3AI score0.00426EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.22 views

Landing Page Builder < 1.5.1.8 - Authenticated (Editor+) Stored Cross-Site Scripting

Description The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.5.1.7 due to insufficient input sanitization and output escaping. Th...

5.9CVSS5.8AI score0.00359EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

Better Elementor Addons < 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.10 views

Special Box for Content <= 1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Special Box for Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5AI score0.00199EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.11 views

SpiderFAQ <= 1.3.2 - Reflected Cross-Site Scripting

Description The SpiderFAQ plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00354EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.22 views

Fluent CRM < 2.8.45 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Email Newsletter, Marketing, Email Automation and CRM Plugin for WordPress by FluentCRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.8.44 due to insufficient input sanitization and output escaping. Thi...

5.9CVSS5.7AI score0.00356EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.16 views

CubeWP – All-in-One Dynamic Content Framework < 1.1.13 - Authenticated (Subscriber+) Arbitrary File Upload

Description The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cwpimportdatacallback function in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, wi...

9.9CVSS7.8AI score0.00643EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.14 views

SP Project & Document Manager <= 4.70 - Missing Authorization Stored Cross-Site Scripting

Description The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check function in versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject maliciou...

6.1AI score0.00158EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.13 views

Landingi Landing Pages < 3.1.2 - Cross-Site Request Forgery

Description The Landingi Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the action function. This makes it possible for unauthenticated attackers to update settings via...

5.4CVSS6.4AI score0.00209EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.19 views

WPC Badge Management for WooCommerce < 2.4.1 - Missing Authorization

Description The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...

8.8CVSS6.2AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.11 views

Aesop Story Engine <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Aesop Story Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.5CVSS5.8AI score0.0032EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.11 views

Custom Field Bulk Editor <= 1.9.1 - Reflected Cross-Site Scripting

Description The Custom Field Bulk Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.1CVSS6.3AI score0.00354EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.13 views

Kanban Boards for WordPress <= 2.5.21 - Reflected Cross-Site Scripting

Description The Kanban Boards for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.5.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.1CVSS6.8AI score0.00354EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.18 views

Church Admin < 4.1.19 - Missing Authorization

Description The Church Admin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 4.1.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthoriz...

5.4CVSS6.5AI score0.00468EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.14 views

MP3 Audio Player for Music, Radio & Podcast by Sonaar < 5.1.1 - Missing Authorization

Description The MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.1. This makes it possible for authenticated attackers, with subscriber-level acce...

7.6CVSS6.5AI score0.00482EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.14 views

New Order Notification for Woocommerce <= 2.0.2 - Missing Authorization

Description The New Order Notification for Woocommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above,...

8.8CVSS8.2AI score0.00409EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.11 views

Mang Board WP < 1.8.1 - Reflected Cross-Site Scripting

Description The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00419EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.19 views

Events Manager < 6.4.7.2 - Cross-Site Request Forgery

Description The Events Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...

4.3CVSS6.5AI score0.00212EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.17 views

WOOCS – WooCommerce Currency Switcher < 1.4.1.8 - Cross-Site Request Forgery

Description The WOOCS – WooCommerce Currency Switcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.1.7. This is due to missing or incorrect nonce validation on the saveetalon function.. This makes it possible for unauthenticated attackers ...

8.8CVSS6.5AI score0.00241EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.12 views

WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3.2 - Cross-Site Request Forgery

Description The WordPress Meta Data and Taxonomies Filter MDTF plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.3.1. This is due to missing or incorrect nonce validation on the changemetakey function. This makes it possible for unauthenticated...

8.8CVSS6.6AI score0.00241EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.18 views

Custom WooCommerce Checkout Fields Editor < 1.3.1 - Cross-Site Request Forgery

Description The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized...

4.3CVSS6.5AI score0.00212EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.13 views

Geo Controller < 8.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Geo Controller plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...

6.5CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.24 views

Lordicon Animated Icons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Lordicon Animated Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above...

6.5CVSS5.8AI score0.00348EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.19 views

GS Testimonial Slider < 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The GS Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...

6.5CVSS5.9AI score0.0036EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.30 views

WP SMS < 6.6.3 - Cross-Site Request Forgery

Description The WP SMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.2. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request grante...

8.8CVSS6.7AI score0.00241EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

Nictitate <= 1.1.4 - Cross-Site Request Forgery

Description The Nictitate theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request...

4.3CVSS6.6AI score0.002EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.10 views

DD Rating <= 1.7.1 - Authenticated (Author+) Stored Cross-Site Scripting

Description The DD Rating plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitra...

5.9CVSS5.9AI score0.00319EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

Mighty Classic Pros And Cons <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Mighty Classic Pros And Cons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

6.5CVSS5.9AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.13 views

Shortcode Addons <= 3.2.5 - Authenticated (Admin+) Arbitrary File Upload

Description The Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, wi...

9.1CVSS7.7AI score0.01353EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

AdsPlace'r – Ad Manager, Inserter, AdSense Ads <= 1.1.5 - Reflected Cross-Site Scripting

Description The AdsPlace'r – Ad Manager, Inserter, AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

6.1AI score0.00182EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.13 views

Prenotazioni <= 1.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Prenotazioni plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.7AI score0.00339EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.15 views

Popup Cart Lite for WooCommerce <= 1.1 - Cross-Site Request Forgery

Description The Popup Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation an unknown function. This makes it possible for unauthenticated attackers to perform an...

5.4CVSS6.4AI score0.00197EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.21 views

Floating Chat Widget < 3.1.9 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Chaty New Widget" 2...

5.3AI score0.00394EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.13 views

HeartThis <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The HeartThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.5CVSS5.9AI score0.0034EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.22 views

Booking Activities < 1.15.20 - Reflected Cross-Site Scripting

Description The Booking Activities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.15.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.3AI score0.00375EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.12 views

Spiffy Calendar < 4.9.11 - Missing Authorization

Description The Spiffy Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the adminmenuoutput function in versions up to, and including, 4.9.10. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.3CVSS6.2AI score0.00279EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.16 views

Whizzy <= 1.1.18 - Authenticated (Subscriber+) Insecure Direct Object Reference

Description The Whizzy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.18 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...

6.5CVSS6.5AI score0.0036EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.16 views

BEAR < 1.1.4.4 - Missing Authorization

Description The BEAR plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woobeupdatepagefield function in versions up to, and including, 1.1.4.3. This makes it possible for unauthenticated attackers to update page details...

5.3CVSS6.8AI score0.00361EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.16 views

Responsive Image Gallery, Gallery Album <= 2.0.3 - Reflected Cross-Site Scripting

Description The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

7.1CVSS6.3AI score0.00398EPSS
Exploits0References1
Total number of security vulnerabilities14603