CVE-2022-2543

Name of the Vulnerable Software and Affected Versions The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin versions prior to 2.18.0

Description The issue concerns a lack of proper authorization checks in some REST endpoints of the plugin, allowing unauthenticated users to call these endpoints and inject arbitrary CSS in arbitrary saved layouts.

Recommendations For versions prior to 2.18.0, update to version 2.18.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable REST endpoints until a patch is applied.