WordPress Plugin Vulnerabilities

Huge IT Image Gallery <= 1.7.0 - Reflected Cross-Site Scripting (XSS)

Description

The gallery-images WordPress plugin was affected by a Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
gallery-images
Fixed in 1.7.1

References

URL
https://security.szurek.pl/huge-it-image-gallery-170-reflected-xss.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Kacper Szurek
Submitter website
http://security.szurek.pl/
Submitter twitter
https://twitter.com/KacperSzurek
Verified
No
WPVDB ID
7cb7b7a1-fcea-42ad-9f91-e99555f40b63

Timeline

Publicly Published
2016-02-08 (about 10 years ago)
Added
2016-02-10 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2024-11-20
Title
LSX Tour Operator < 2.0.0 - Author+ Stored XSS via SVG File Upload
Published
2024-08-19
Title
Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads
Published
2024-03-13
Title
Contact Form by BestWebSoft < 4.2.9 - Reflected Cross-Site Scripting via cntctfrm_contact_address
Published
2025-03-29
Title
JetSearch < 3.5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2026-01-09
Title
ConvertForce Popup Builder < 0.0.8 - Stored Cross-Site Scripting via entrance_animation