Portfolio Filter Gallery
by WordPress
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29769 | Med | 0.42 | 6.5 | 0.00 | Mar 27, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfolio Gallery – Image Gallery Plugin allows Stored XSS.This issue affects Portfolio Gallery – Image Gallery Plugin: from n/a through 1.5.6. | ||
| CVE-2021-24795 | Med | 0.42 | 6.5 | 0.01 | Dec 13, 2021 | The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery (CSRF) check when deleting a Gallery, which could allow attackers to make a logged in admin delete arbitrary Gallery. | ||
| CVE-2024-6262 | Med | 0.35 | 6.4 | 0.00 | Jun 27, 2024 | The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes.… |
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfolio Gallery – Image Gallery Plugin allows Stored XSS.This issue affects Portfolio Gallery – Image Gallery Plugin: from n/a through 1.5.6.
- risk 0.42cvss 6.5epss 0.01
The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery (CSRF) check when deleting a Gallery, which could allow attackers to make a logged in admin delete arbitrary Gallery.
- risk 0.35cvss 6.4epss 0.00
The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes.…