First published: Mon Jun 06 2022
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
10web Photo Gallery | <1.6.4 | |
CVE-2022-1394 is a vulnerability in the Photo Gallery by 10Web WordPress plugin before version 1.6.4 that allows high-privilege users to perform Cross-Site Scripting attacks.
CVE-2022-1394 affects users of the Photo Gallery by 10Web WordPress plugin before version 1.6.4 and allows high-privilege users to perform Cross-Site Scripting attacks.
CVE-2022-1394 has a severity rating of 4.8 out of 10, which is considered medium.
To fix CVE-2022-1394, users should update the Photo Gallery by 10Web WordPress plugin to version 1.6.4 or later.
More information about CVE-2022-1394 can be found at https://wpscan.com/vulnerability/f7a0df37-3204-4926-84ec-2204a2f22de3.