2 matches found
CVE-2022-36292
WPChill Gallery PhotoBlocks plugin for WordPress is affected by Cross-Site Request Forgery (CSRF) in versions ≤ 1.2.6. The vulnerability stems from insufficient CSRF checks, potentially allowing authenticated users to perform unwanted actions. Public references from CVE-2022-36292 indicate the im...
CVE-2022-37407
The CVE-2022-37407 entry concerns WPChill Gallery PhotoBlocks plugin for WordPress (versions prior to 1.2.7). The root cause is insufficient sanitisation/escaping of parameters, enabling Multiple Authenticated Stored Cross-Site Scripting (XSS) by low-privileged users. Impact is defined as authent...