3 matches found
CVE-2024-1664
CVE-2024-1664 affects the WordPress plugin Responsive Gallery Grid (versions prior to 2.3.11). The vulnerability arises from insufficient sanitisation/escaping of several settings, which could allow high-privilege users (e.g., administrators) to perform Stored XSS, including in multisite configur...
CVE-2023-41659
CVE-2023-41659 : WordPress plugin “Responsive Gallery Grid” (BDWM/Responsive Gallery Grid, <= 2.3.10) suffers a Cross-Site Request Forgery (CSRF) vulnerability in its settings update, allowing unauthenticated actions on affected sites. Patchstack reports a fixed release in 2.3.14; prior report...
CVE-2024-4091
CVE-2024-4091 affects the WordPress plugin Responsive Gallery Grid (versions prior to 2.3.15). The issue arises from insufficient sanitization/escaping of certain plugin settings, enabling Cross-Site Scripting (XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. C...