WordPress Plugin Vulnerabilities

Photo Gallery < 1.5.46 - Multiple Cross-Site Scripting (XSS) Issues

Description

Multiple cross-site scripting vulnerabilities have been discovered in Photo Gallery Plugin version 1.5.45. The vulnerabilities are caused by improper sanitization of user input in the galleries/image edit page.

Affects Plugins

Plugin icon
photo-gallery
Fixed in 1.5.46

References

CVE
CVE-2020-9335
URL
https://fortiguard.com/zeroday/FG-VD-20-033

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Vishnupriya Ilango of Fortinet's FortiGuard Labs
Verified
No
WPVDB ID
f626f6f7-6b90-403c-a135-37ca4d9c53e6

Timeline

Publicly Published
2020-02-25 (about 6 years ago)
Added
2020-02-25 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2012-05-13
Title
WP-Facethumb Gallery <= 0.1 - Reflected Cross Site Scripting
Published
2023-11-06
Title
Martins Free & Easy SEO Link buildings < 1.2.30 - Reflected XSS
Published
2024-12-30
Title
Premium Blocks – Gutenberg Blocks for WordPress < 2.1.43 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-03-27
Title
VaultRE Contact Form 7 <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-03-15
Title
YITH WooCommerce Product Add-Ons < 4.6.0 - Unuathenticated Cross-Site Scripting