WordPress Plugin Vulnerabilities

Gallery Photoblocks < 1.1.41 - Unauthenticated Reflected XSS

Description

Also Full Path Disclosure depending on the configuration of the server

Proof of Concept

Affects Plugins

Plugin icon
photoblocks-grid-gallery
Fixed in 1.1.41

References

URL
https://plugins.trac.wordpress.org/changeset/2117972

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
Yes
WPVDB ID
5c57e78a-97b9-4e23-8935-e4c9d806c89d

Timeline

Publicly Published
2019-07-05 (about 6 years ago)
Added
2019-07-05 (about 6 years ago)
Last Updated
2020-08-07 (about 5 years ago)

Other

Published
Title
Published
2018-11-07
Title
Better WordPress reCAPTCHA <= 2.0.3 - Unauthenticated Cross-Site Scripting (XSS)
Published
2024-05-07
Title
Mesmerize Companion < 1.6.149 - Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode
Published
2024-11-08
Title
Bamboo Enquiries <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-02-22
Title
MaxGalleria < 6.2.7 - Author+ Stored Cross-Site Scripting
Published
2023-04-28
Title
User IP and Location < 2.2.1 - Contributor+ Stored XSS