The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-12-19T13:41:43.962Z

Updated: 2024-08-03T01:27:54.541Z

Reserved: 2022-11-18T13:01:58.873Z

Link: CVE-2022-4058

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-12-19T14:15:11.920

Modified: 2024-11-21T07:34:31.580

Link: CVE-2022-4058

cve-icon Redhat

No data.