WordPress Plugin Vulnerabilities

Gallery PhotoBlocks < 1.2.7 - Contributor+ Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role of Contributor and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
photoblocks-grid-gallery
Fixed in 1.2.7

References

CVE
CVE-2022-37407

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Ngo Van Thien
Verified
No
WPVDB ID
af2d5bf8-6edd-465f-bd64-dcdb12d07da6

Timeline

Publicly Published
2022-08-10 (about 3 years ago)
Added
2022-09-15 (about 3 years ago)
Last Updated
2023-05-23 (about 2 years ago)

Other

Published
Title
Published
2026-04-08
Title
Download Manager < 3.3.53 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
Published
2022-03-21
Title
Export All URLs < 4.2 - Reflected Cross-Site Scripting
Published
2025-06-06
Title
Essential Addons for Elementor < 6.1.13 - Contributor+ Stored XSS via Event Calendar Widget
Published
2022-08-31
Title
Wordlift < 3.37.2 - Admin+ Stored Cross-Site Scripting
Published
2016-03-02
Title
CP Polls <= 1.0.8 - Multiple XSS Vulnerabilities