Gallery Images Ape <= 2.2.8 – Contributor+ Stored XSS | CVE 2022-41785

Affects Plugins

gallery-images-ape

No known fix

References

CVE

CVE-2022-41785

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

thiennv

Verified

No

WPVDB ID

5114bbd9-668a-4e30-b5b4-52932ad12279

Timeline

Publicly Published

2022-10-31 (about 3 years ago)

Added

2023-03-21 (about 2 years ago)

Last Updated

2023-03-21 (about 2 years ago)

Other

Published

Title

Published

2025-04-21

Title

LightPress Lightbox < 2.3.4 - Contributor+ Stored XSS

Published

2025-12-11

Title

Zenost Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

Published

2019-05-15

Title

WP Live Chat Support < 8.0.27 - Unauthenticated Stored XSS

Published

2017-05-16

Title

WordPress Button Plugin MaxButtons <= 6.18 - Authenticated Cross-Site Scripting (XSS)

Published

2024-07-26

Title

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder < 5.1.20 - Authenticated (Administrator+) Stored Cross-Site Scripting