CVE-2024-13384

Medium CVSS: 4.8

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Vendor

Robosoft

Product

Robo Gallery

CWE

CWE-79

Yayın Tarihi

2025-05-15 20:15:39

Güncelleme

2025-06-05 14:25:59

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Robo Gallery MEDIUM Robosoft 2025

Referanslar

https://wpscan.com/vulnerability/f65d8a83-6ce8-40be-8633-deffd555c349/ https://wpscan.com/vulnerability/f65d8a83-6ce8-40be-8633-deffd555c349/

Benzer Kayıtlar

Medium

CVE-2024-10144

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some…

Medium

CVE-2025-2279

The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting…

Low

CVE-2024-10102

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some…