Photo Gallery Slideshow & Masonry Tiled Gallery < 1.0.14 – Reflected Cross-Site Scripting | CVE 2023-2402

Affects Plugins

Fixed in 1.0.14

References

CVE

CVE-2023-2402

URL

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-responsive-photo-gallery/photo-gallery-slideshow-masonry-tiled-gallery-1013-reflected-cross-site-scripting

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

Marco Wotschka

Verified

No

WPVDB ID

d6326aa5-c10c-491b-95b8-64b6fb52e4e0

Timeline

Publicly Published

2023-04-28 (about 3 years ago)

Added

2023-06-09 (about 2 years ago)

Last Updated

2023-06-09 (about 2 years ago)

Other

Published

Title

Published

2023-12-26

Title

Back Button Widget < 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Published

2025-06-05

Title

Hide It <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-09-21

Title

jQuery Reply to Comment <= 1.31 - CSRF to Stored Cross-Site Scripting

Published

2014-11-04

Title

Ninja Forms 2.8.6 - Reflected Cross-Site Scripting (XSS)

Published

2014-08-01

Title

BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS