The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-10-31T13:54:43.166Z

Updated: 2024-08-02T07:52:08.569Z

Reserved: 2023-09-29T16:46:14.641Z

Link: CVE-2023-5307

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-10-31T14:15:12.713

Modified: 2024-11-21T08:41:29.873

Link: CVE-2023-5307

cve-icon Redhat

No data.