Reflected XSS in Photoxhibit Plugin for WordPress by Ether
CVE-2016-1000143

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Photoxhibit
Vendor
CVE Published:
10 October 2016

Summary

The Photoxhibit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) attacks in version 2.1.8. This flaw allows attackers to inject malicious scripts into trusted websites, which can be executed in a user's browser. Exploiting this vulnerability may lead to user data exposure, session hijacking, or redirecting users to malicious sites. It is essential for users of the affected version to apply necessary updates or patches to safeguard their applications.

References

https://wordpress.org/plugins/photoxhibit
x_refsource_MISC
http://www.securityfocus.com/bid/93803
vdb-entryx_refsource_BID
http://www.vapidlabs.com/wp/wp_advisory.php?v=780
x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.