CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3710 – Image Photo Gallery Final Tiles Grid < 3.6.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-3710
22 Jun 2024 — The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin El complemento Image Photo Gallery Final Tiles Grid de WordPress anterior a 3.6.0 no valida ni escapa algunos de sus atributos de código corto antes de devolverlos a la p... • https://wpscan.com/vulnerability/bde10913-4f7e-4590-86eb-33bfa904f95f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 425EXPL: 0CVE-2022-4974 – Freemius SDK <= 2.4.2 - Missing Authorization Checks
https://notcve.org/view.php?id=CVE-2022-4974
04 Mar 2022 — The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. • https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=cve • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0186 – Image Photo Gallery Final Tiles Grid < 3.5.3 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0186
18 Jan 2022 — The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard El plugin Image Photo Gallery Final Tiles Grid de WordPress versiones anteriores a 3.5.3, no sanea ni escapa del campo Description cuando es editada una galería, permitiendo a usuarios con un rol tan bajo como el de co... • https://wpscan.com/vulnerability/3a9c44c0-866e-4fdf-b53d-666db2e11720 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-14962 – Final Tiles Gallery <= 3.4.18 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-14962
28 May 2020 — Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php. Múltiples vulnerabilidades de tipo XSS en el plugin Final Tiles Gallery versiones anteriores a 3.4.19 para WordPress, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del campo Title (también se conoce como imageTitle) o Capt... • https://wpvulndb.com/vulnerabilities/10241 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •