Medium severity6.1NVD Advisory· Published Oct 31, 2023· Updated Jun 17, 2026
CVE-2023-5307
CVE-2023-5307
Description
The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Photos and Files Contest Gallerydescription
- Range: <21.2.8.1
Patches
Vulnerability mechanics
References
2- research.cleantalk.org/cve-2023-5307-photos-and-files-contest-gallery-contact-form-21-2-8-1-unauthenticated-stored-xss-via-http-headersnvdExploitThird Party Advisory
- wpscan.com/vulnerability/6fac1e09-21ab-430d-b56d-195e7238c08cnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.