WordPress Plugin Vulnerabilities

Contest Gallery < 21.1.2.1 - Reflected XSS

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affects Plugins

Plugin icon
contest-gallery
Fixed in 21.1.2.1

References

CVE
CVE-2023-28784

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
5c182017-f03f-4b01-985a-a77bef61ea00

Timeline

Publicly Published
2023-03-27 (about 1 years ago)
Added
2023-06-22 (about 10 months ago)
Last Updated
2023-06-22 (about 10 months ago)

Other

Published
Title
Published
2023-01-11
Title
Breadcrumb < 1.5.33 - Contributor+ Stored XSS via Shortcode
Published
2022-10-10
Title
Newspaper < 12 - Reflected Cross-Site Scripting
Published
2017-05-16
Title
WordPress Button Plugin MaxButtons <= 6.18 - Authenticated Cross-Site Scripting (XSS)
Published
2022-08-09
Title
Photo Gallery < 1.7.1 - Reflected Cross-Site Scripting
Published
2023-09-27
Title
Font Awesome More Icons <= 3.5 - Contributor+ Stored Cross-Site Scripting