WordPress Plugin Vulnerabilities

Simple Photo Gallery <= 1.8.0 - Stored Cross-Site Scripting (XSS)

Description

26-April-2016 - Reported
27-April-2016 - Vendor Response
27 -April-2016 - Vendor Fixed
28-April-2016 - Public disclosed

Affects Plugins

Plugin icon
simple-photo-gallery
Fixed in 1.8.1

References

URL
https://web.archive.org/web/20191101060004/http://www.rootlabs.com.br/xss-simple-photo-gallery/
URL
https://www.openwall.com/lists/oss-security/2016/05/11/13

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Oliveira Lima A.K.A @venom
Submitter twitter
@oliveiralimajr
Verified
No
WPVDB ID
58aa786b-963e-476c-9e99-2d26921a5dc5

Timeline

Publicly Published
2016-04-28 (about 10 years ago)
Added
2016-04-29 (about 10 years ago)
Last Updated
2020-03-09 (about 6 years ago)

Other

Published
Title
Published
2023-05-10
Title
Order Your Posts Manually <= 2.2.5 - Admin+ SQLi
Published
2024-05-02
Title
Button contact VR < 4.7.7 - Admin+ Stored XSS
Published
2024-09-30
Title
SliceWP < 1.1.19 - Reflected Cross-Site Scripting
Published
2026-03-20
Title
MyDecor < 1.5.9 - Reflected Cross-Site Scripting
Published
2024-12-02
Title
Magical Addons For Elementor < 1.3.7 - Contributor+ Stored XSS