PT-2023-20239 · Ays · The Photo Gallery

Erwan Lr

Published

2023-06-12

Updated

2023-06-17

CVE-2023-2568

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions The Photo Gallery by Ays WordPress plugin versions prior to 5.1.7

Description The issue concerns Reflected Cross-Site Scripting, where some parameters are not properly escaped before being outputted back in attributes. This could be exploited against high-privilege users, such as administrators.

Recommendations For versions prior to 5.1.7, update to version 5.1.7 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-2568

Affected Products

The Photo Gallery

PT-2023-20239 · Ays · The Photo Gallery

CVE-2023-2568

Related Identifiers

Affected Products

References · 4