2 matches found
CVE-2024-22150
CVE-2024-22150 relates to the WordPress plugin PowerFolio (Portfolio & Image Gallery). The issue is an improper neutralization of input during web page generation, yielding a Cross-Site Scripting (XSS) vulnerability. Affected software version range is PowerFolio for WordPress
CVE-2025-7046
CVE-2025-7046 : The Portfolio for Elementor & Image Gallery | PowerFolio plugin for WordPress is vulnerable to a stored cross-site scripting (XSS) attack via the Custom JS Attributes of plugin widgets in all versions up to and including 3.2.0. Exploitation requires authenticated access at Contrib...