← Back

Visual Portfolio, Photo Gallery & Post Grid

visual_portfolio,_photo_gallery_&_post_grid

Vendor: Visualportfolio • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-2597
1Visualportfolio
1Visual Portfolio, Photo Gallery & Post Grid
Nov 21, 2024
Sep 5, 2022
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and in...Show more
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layoutsShow less
CVE-2022-2543
1Visualportfolio
1Visual Portfolio, Photo Gallery & Post Grid
Nov 21, 2024
Sep 5, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS...Show more
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layoutsShow less