rt-prettyphoto Plugin rt-prettyphoto.php royal_prettyphoto_plugin_links cross site scripting
CVE-2015-10128

3.5LOW

Key Information:

Vendor

Wordpress
Status
Rt-prettyphoto Plugin
Vendor
CVE Published:
2 January 2024

What is CVE-2015-10128?

The rt-prettyphoto plugin for WordPress was found to be vulnerable to a cross-site scripting (XSS) attack, particularly affecting the function royal_prettyphoto_plugin_links within the rt-prettyphoto.php file. This vulnerability allows an attacker to execute arbitrary scripts in the context of a user’s browser session, potentially leading to unauthorized actions or data theft. The issue can be exploited remotely, making affected sites susceptible to manipulation. An upgrade to version 1.3 of the plugin addresses this vulnerability, highlighting the importance of maintaining up-to-date software to ensure security.

Affected Version(s)

rt-prettyphoto Plugin 1.0

rt-prettyphoto Plugin 1.1

rt-prettyphoto Plugin 1.2

References

https://vuldb.com/?id.249422
vdb-entrytechnical-description
https://vuldb.com/?ctiid.249422
signaturepermissions-required
https://github.com/wp-plugins/rt-prettyphoto/commit/0d3d3...
patch

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

CVSS V3.0

Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
.