Vulnerabilities (CVE)

Filtered by vendor Visualportfolio Subscribe
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2597 1 Visualportfolio 1 Visual Portfolio\, Photo Gallery \& Post Grid 2024-11-21 N/A 5.4 MEDIUM
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts