Headline

CVE-2022-27853: WordPress Contest Gallery plugin <= 13.1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9

2 years ago

CVE

Open in Source

#xss #vulnerability #web

contest-gallery

Software

Contest Gallery

Vulnerable Versions

<= 13.1.0.9

Fixed in version

14.0.0

CVE

CVE-2022-27853

References

Credits

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2021-12-20

CVSS 3.0 score

Requires author or higher role user authentication.

Are your websites subject to this vulnerability?

Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien in WordPress Contest Gallery plugin (versions <= 13.1.0.9).

Solution

Update the WordPress Contest Gallery plugin to the latest available version (at least 14.0.0).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

9 months ago

9 months ago

9 months ago

9 months ago

9 months ago