AI Score
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.
wpscan.com/vulnerability/c028cd73-f30a-4c8b-870f-3071055f0496/