PT-2022-23979 · Wpchill · Wpchill Gallery Photoblocks
Lagotek +1 · Published 2022-09-09 · Updated 2022-09-10 · CVE-2022-37407
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WPChill Gallery PhotoBlocks plugin versions prior to 1.2.7
Description
The plugin contains multiple authenticated stored Cross-Site Scripting (XSS) vulnerabilities. An attacker could inject malicious scripts into the application, which would then be executed by the user's browser, allowing the attacker to steal user data or take control of the user's session.
Recommendations
For WPChill Gallery PhotoBlocks plugin versions prior to 1.2.7, update to version 1.2.7 or later to resolve the issue.
Fix
XSS
Affected Products
Wpchill Gallery Photoblocks