CVE-2022-2543

Published: Sep 5, 2022Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts

Affected (1)

Products: Visualportfolio: Visual Portfolio, Photo Gallery & Post Grid

Visualportfolio

1 product

Visual Portfolio, Photo Gallery & Post Grid

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Visualportfolio Visual Portfolio, Photo Gallery & Post Grid	Before 2.18.0

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://wpscan.com/vulnerability/5dc8b671-f2fa-47be-8664-9005c4fdbea8

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/5dc8b671-f2fa-47be-8664-9005c4fdbea8

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.