ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Simple Photo Gallery Plugin <= 1.8.0 - Stored Cross Site Scripting

Product
Simple Photo Gallery
Description
Because of this vulnerability, attackers can execute malicious cides on name input of the gallery and album.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A2: Broken Authentication and Session Management
References
Openwall
CVE
Name CVE-N/A
Versions
Affected In <= 1.8.0
Fixed In 1.8.1
Disclosure date
2016-04-28
Credits
Oliveira Lima