Photo Gallery < 1.5.46 - Multiple Cross-Site Scripting (XSS) Issues

Description

Multiple cross-site scripting vulnerabilities have been discovered in Photo Gallery Plugin version 1.5.45. The vulnerabilities are caused by improper sanitization of user input in the galleries/image edit page.

Affects Plugins

photo-gallery

Fixed in version 1.5.46✓

References

CVE

CVE-2020-9335

URL

https://fortiguard.com/zeroday/FG-VD-20-033

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Vishnupriya Ilango of Fortinet's FortiGuard Labs

Verified

WPVDB ID

f626f6f7-6b90-403c-a135-37ca4d9c53e6

Timeline

Publicly Published

2020-02-25 (about 1 years ago)

Added

2020-02-25 (about 1 years ago)

Last Updated

2020-09-22 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin