Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbIohexWPVDB-ID:8C2ADADD-0684-49A8-9185-0C7D9581AEF1
HistoryDec 06, 2022 - 12:00 a.m.

WordPress Filter Gallery Plugin < 0.1.6 - Admin+ Stored XSS

2022-12-0600:00:00
iohex
wpscan.com
16
wordpress filter gallery plugin
stored xss
admin+
unescaped filters
html
javascript

EPSS

0.001

Percentile

25.3%

JSON

The plugin does not properly escape the filters passed in the ufg_gallery_filters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the plugin settings page, even when the unfiltered_html capability is disabled.

PoC

Create a new filter with the name “”, save it and reload the page.

Related

cvelist 1
prion 1
nvd 1
cve 1
wpexploit 1
cvelist
cvelist
CVE-2022-4142 WordPress Filter Gallery Plugin < 0.1.6 - Admin+ Stored XSS
2023-01-02 21:49:17
prion
prion
Design/Logic Flaw
2023-01-02 22:15:00
nvd
nvd
CVE-2022-4142
2023-01-02 22:15:16
cve
cve
CVE-2022-4142
2023-01-02 22:15:16
wpexploit
wpexploit
WordPress Filter Gallery Plugin < 0.1.6 - Admin+ Stored XSS
2022-12-06 00:00:00

EPSS

0.001

Percentile

25.3%

JSON
Related for WPVDB-ID:8C2ADADD-0684-49A8-9185-0C7D9581AEF1
cvelist1prion1nvd1cve1wpexploit1