First published: Tue Feb 25 2020(Updated: )
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
10web Photo Gallery | <1.5.46 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-9335 is a vulnerability in the 10Web Photo Gallery plugin before version 1.5.46 for WordPress, which allows an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users.
The severity of CVE-2020-9335 is medium with a CVSS score of 4.8.
The vulnerability can be exploited by an authenticated admin user who injects arbitrary JavaScript code that is then viewed by other users.
To fix CVE-2020-9335, update the 10Web Photo Gallery plugin to version 1.5.46 or later.
CWE-79 is a vulnerability category known as Cross-Site Scripting (XSS), which allows an attacker to inject malicious scripts into web pages viewed by other users.