WordPress Plugin Vulnerabilities

Gallery with Thumbnail Slider < 6.1 - Contributor+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow users such as contributors to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
gallery-with-thumbnail-slider
Fixed in 6.1

References

CVE
CVE-2022-42485

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
65c79c75-90a0-4906-a637-d85fdc6f897c

Timeline

Publicly Published
2022-10-27 (about 3 years ago)
Added
2023-03-21 (about 3 years ago)
Last Updated
2023-03-21 (about 3 years ago)

Other

Published
Title
Published
2024-06-05
Title
Custom Dash <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2022-05-03
Title
VikBooking < 1.5.9 - Reflected Cross-Site Scripting
Published
2025-01-23
Title
ProfilePress < 4.15.20 - Admin+ Stored XSS
Published
2024-06-05
Title
Testimonials Widget <= 4.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via testimonials Shortcode
Published
2021-08-09
Title
Form Builder 1.9.8.4 - Reflected Cross-Site Scripting (XSS)