4 matches found
CVE-2024-49696
CVE-2024-49696 is a Stored XSS in the Robo Gallery (WordPress plugin: Photo Gallery/ Robo Gallery) that affects versions 3.2.21 and earlier. The root cause is improper neutralization of input during web page generation. Impact is cross-site scripting potential; the Patchstack entry notes a low-se...
CVE-2024-10102
CVE-2024-10102 describes a stored cross-site scripting vulnerability in the WordPress plugin “Photo Gallery, Images, Slider” (Rbs Image Gallery) prior to version 3.2.22. The issue arises because Gallery settings are not properly sanitized/escaped, enabling high-privilege users (e.g., Contributors...
CVE-2024-13384
CVE-2024-13384 affects the WordPress plugin “Photo Gallery, Images, Slider in Rbs Image Gallery” prior to version 3.2.24. The issue arises from improper sanitisation and escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is di...
CVE-2024-10144
CVE-2024-10144 affects the Photo Gallery, Images, Slider in the Rbs Image Gallery WordPress plugin (pre-3.2.22). The issue is inadequate sanitization/escaping of certain settings, enabling a high-privilege user (e.g., contributor) to perform a Stored XSS attack even when unfiltered_html is disall...