CVE-2023-2568

The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:ays-pro:photo_gallery:*:*:*:*:*:wordpress:*:*

History

07 Nov 2023, 04:12

Type Values Removed Values Added
CWE CWE-79

17 Jun 2023, 01:38

Type Values Removed Values Added
References (MISC) https://wpscan.com/vulnerability/b1704a12-459b-4f5d-aa2d-a96646ddaf3e - (MISC) https://wpscan.com/vulnerability/b1704a12-459b-4f5d-aa2d-a96646ddaf3e - Exploit, Third Party Advisory
CPE cpe:2.3:a:ays-pro:photo_gallery:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
First Time Ays-pro
Ays-pro photo Gallery

12 Jun 2023, 18:22

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-12 18:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-2568

Mitre link : CVE-2023-2568

CVE.ORG link : CVE-2023-2568


JSON object : View

Products Affected

ays-pro

  • photo_gallery
CWE

No CWE.