Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:16B80B13-3451-4B4F-99BD-451069780679
HistoryFeb 24, 2022 - 12:00 a.m.

Photoswipe Masonry Gallery < 1.2.15 - Subscriber+ Stored Cross-Site Scripting

2022-02-2400:00:00
wpscan.com
9
photoswipe masonry gallery
cross-site scripting
subscriber
authorization
csrf
sanitization

EPSS

0.001

Percentile

26.4%

JSON

The plugin does not have authorisation and CSRF when updating its gallery settings via the update() function hooked to admin_menu, allowing any authenticated users, such as subscriber to update them and set Cross-Site Scripting payloads in them due to the lack of sanitisation and escaping

Related

wordfence 1
cve 1
prion 1
cvelist 1
packetstorm 1
zdt 1
nvd 1
wordfence
wordfence
Stored Cross-Site Scripting Vulnerability Patched in a WordPress Photo Gallery Plugin
2022-02-24 16:04:50
cve
cve
CVE-2022-0750
2022-03-23 20:15:10
prion
prion
Cross site scripting
2022-03-23 20:15:00
cvelist
cvelist
CVE-2022-0750
2022-03-23 19:46:50
packetstorm
packetstorm
WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting
2022-02-25 00:00:00
zdt
zdt
WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting Vulnerability
2022-02-26 00:00:00
nvd
nvd
CVE-2022-0750
2022-03-23 20:15:10

EPSS

0.001

Percentile

26.4%

JSON
Related for WPVDB-ID:16B80B13-3451-4B4F-99BD-451069780679
wordfence1cve1prion1cvelist1packetstorm1zdt1nvd1