PT-2022-13410 · WordPress · Photoswipe Masonry Gallery
Chloe Chamberland · Published 2022-03-23 · Updated 2023-10-24 · CVE-2022-0750
CVSS v3.1: 6.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Photoswipe Masonry Gallery WordPress plugin versions up to and including 1.2.14
Description
The issue arises from insufficient escaping and sanitization of the thumbnail width, thumbnail height, max image width, and max image height parameters in the ~/photoswipe-masonry.php file. This allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page.
Recommendations
For versions up to and including 1.2.14, update to a version that includes the necessary escaping and sanitization fixes for the thumbnail width, thumbnail height, max image width, and max image height parameters to prevent Cross-Site Scripting attacks.
Exploit
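To illustrate the bug class the description names and the sanitization-plus-escaping fix the recommendation calls for, here is an added PHP example that is not the plugin's own code: the option name, function names and nonce action are hypothetical, and only the contrast between the unsafe and the hardened handling of a pixel-size setting is the point.

```php
<?php
// Added illustration (not the plugin's code). Option name, function names
// and the nonce action are hypothetical; only the unsafe/safe contrast matters.

// Unsafe pattern: the raw submitted value is stored as-is and later echoed
// straight into an HTML attribute. Because nothing forces it to be a number,
// a non-numeric value can break out of the attribute and inject markup into
// every gallery that renders the setting, and into the options page itself.
function psm_save_thumb_width_unsafe() {
    if ( isset( $_POST['thumbnail_width'] ) ) {
        update_option( 'psm_thumbnail_width', $_POST['thumbnail_width'] );
    }
}

function psm_render_thumb_unsafe( $src ) {
    $w = get_option( 'psm_thumbnail_width', 200 );
    return '<img src="' . $src . '" width="' . $w . '">';
}

// Hardened pattern: the setting is a pixel count, so sanitize it to a
// non-negative integer on save, and still escape on output so the
// rendering code stays safe even if the stored value is ever tampered with.
function psm_save_thumb_width_safe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return; // only administrators may change plugin options
    }
    check_admin_referer( 'psm_save_options' ); // hypothetical nonce action name
    if ( isset( $_POST['thumbnail_width'] ) ) {
        $w = absint( wp_unslash( $_POST['thumbnail_width'] ) ); // "abc" and "-5" both become 0
        update_option( 'psm_thumbnail_width', $w );
    }
}

function psm_render_thumb_safe( $src ) {
    // Defence in depth: coerce again on read, then escape for attribute context.
    $w = absint( get_option( 'psm_thumbnail_width', 200 ) );
    return '<img src="' . esc_url( $src ) . '" width="' . esc_attr( $w ) . '">';
}
```

The same two-step rule (sanitize on save, escape on output) applies to the thumbnail height and both max image size parameters the advisory lists; registering each option with `register_setting()` and a `sanitize_callback` of `absint` is the usual way to enforce the first step centrally.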
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Photoswipe Masonry Gallery