1 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php. Una vulnerabilidad de Cross-Site Scripting (XSS) en el plugin Best Gallery Albums en versiones anteriores a la 3.0.70 para WordPress permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro order_id en la página gallery_album_sorting a wp-admin/admin.php. Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70 for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php. • https://g0blin.co.uk/cve-2014-8758 https://wpvulndb.com/vulnerabilities/8236 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •