Cross-Site Scripting Vulnerability in Photoblocks Grid Gallery Plugin for WordPress
CVE-2019-15829

4.8MEDIUM

Key Information:

Vendor: Wordpress
Status: Gallery Photoblocks
Vendor: CVE Published:; 30 August 2019

Summary

The Photoblocks Grid Gallery plugin for WordPress is affected by a Cross-Site Scripting (XSS) vulnerability. This issue exists in the admin interface, specifically at the endpoint 'wp-admin/admin.php?page=photoblocks-edit&id=' which fails to properly validate user input. As a result, malicious users can exploit this vulnerability to inject arbitrary JavaScript code into the web pages viewed by other users, leading to potential data theft or unauthorized actions within the application.

References

https://wpvulndb.com/vulnerabilities/9443

x_refsource_MISC

https://wordpress.org/plugins/photoblocks-grid-gallery/#d...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 30, 2019
Vulnerability Reserved
Aug 29, 2019