PT-2025-30023 · WordPress · Balbooa Gallery
Kamil Szczurowski
+1
·
Published
2025-07-18
·
Updated
2025-07-18
·
CVE-2025-49486
CVSS v4.0
8.6
High
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Balbooa Gallery plugin versions 1.0.0 through 2.4.0
Description
A stored cross-site scripting (XSS) issue exists in the Balbooa Gallery plugin for Joomla. Privileged users can store malicious scripts within gallery items.
Recommendations
Update Balbooa Gallery plugin to a version later than 2.4.0.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Balbooa Gallery