Search criteria
3 vulnerabilities by deanoakley
CVE-2023-4271 (GCVE-0-2023-4271)
Vulnerability from cvelistv5 – Published: 2023-10-20 06:35 – Updated: 2025-02-05 19:08
VLAI?
Summary
The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘psres_button_size’ parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity ?
4.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| deanoakley | Photospace Responsive Gallery |
Affected:
* , ≤ 2.1.1
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc98896-6ff9-40de-ace2-2ca331c2a44a?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2831424/photospace-responsive/trunk/includes/class-photospace-responsive-gallery.php?contextall=1\u0026old=2544748\u0026old_path=%2Fphotospace-responsive%2Ftrunk%2Fincludes%2Fclass-photospace-responsive-gallery.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2966110%40photospace-responsive%2Ftrunk\u0026old=2875667%40photospace-responsive%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:23:28.580634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T19:08:03.681Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Photospace Responsive Gallery",
"vendor": "deanoakley",
"versions": [
{
"lessThanOrEqual": "2.1.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018psres_button_size\u2019 parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T06:35:18.698Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc98896-6ff9-40de-ace2-2ca331c2a44a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2831424/photospace-responsive/trunk/includes/class-photospace-responsive-gallery.php?contextall=1\u0026old=2544748\u0026old_path=%2Fphotospace-responsive%2Ftrunk%2Fincludes%2Fclass-photospace-responsive-gallery.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2966110%40photospace-responsive%2Ftrunk\u0026old=2875667%40photospace-responsive%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-12T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-09-12T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-4271",
"datePublished": "2023-10-20T06:35:18.698Z",
"dateReserved": "2023-08-09T12:13:18.730Z",
"dateUpdated": "2025-02-05T19:08:03.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3991 (GCVE-0-2022-3991)
Vulnerability from cvelistv5 – Published: 2022-11-29 20:43 – Updated: 2025-01-23 20:48
VLAI?
Summary
The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update() function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| deanoakley | Photospace Gallery |
Affected:
* , ≤ 2.3.5
(semver)
|
Credits
Marco Wotschka
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:53.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/photospace/trunk/photospace.php#L87"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3991"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T20:48:43.622160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T20:48:47.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Photospace Gallery",
"vendor": "deanoakley",
"versions": [
{
"lessThanOrEqual": "2.3.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Wotschka"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photospace Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters saved via the update() function in versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-29T20:43:32.624Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/photospace/trunk/photospace.php#L87"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3991"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-09-13T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2022-11-14T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-3991",
"datePublished": "2022-11-29T20:43:32.624Z",
"dateReserved": "2022-11-14T15:44:27.765Z",
"dateUpdated": "2025-01-23T20:48:47.703Z",
"requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0750 (GCVE-0-2022-0750)
Vulnerability from cvelistv5 – Published: 2022-03-23 19:46 – Updated: 2025-05-05 16:43
VLAI?
Summary
The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14.
Severity ?
6.4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| deanoakley | Photoswipe Masonry Gallery |
Affected:
* , ≤ 1.2.14
(semver)
|
Credits
Chloe Chamberland
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64624d4c-3ffb-4516-a938-0accde24c79f?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/photoswipe-masonry/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2022/02/stored-cross-site-scripting-vulnerability-patched-in-a-wordpress-photo-gallery-plugin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0750",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:16:36.539277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:43:46.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Photoswipe Masonry Gallery",
"vendor": "deanoakley",
"versions": [
{
"lessThanOrEqual": "1.2.14",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T15:06:16.859Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64624d4c-3ffb-4516-a938-0accde24c79f?source=cve"
},
{
"url": "https://wordpress.org/plugins/photoswipe-masonry/"
},
{
"url": "https://www.wordfence.com/blog/2022/02/stored-cross-site-scripting-vulnerability-patched-in-a-wordpress-photo-gallery-plugin/"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-02-24T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-0750",
"datePublished": "2022-03-23T19:46:50.000Z",
"dateReserved": "2022-02-24T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:43:46.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}