CVE-2022-0750

23.03.2022, 20:15

The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters  found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14.

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.4 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Wordfence	CNA	6.4 MEDIUM				CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Vendor	Product	Version
thriveweb	photoswipe_masonry_gallery	𝑥 < 1.2.15

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

https://wordpress.org/plugins/photoswipe-masonry/

https://www.wordfence.com/blog/2022/02/stored-cross-site-scripting-vulnerability-patched-in-a-wordpress-photo-gallery-plugin/

https://www.wordfence.com/threat-intel/vulnerabilities/id/64624d4c-3ffb-4516-a938-0accde24c79f?source=cve

https://wordpress.org/plugins/photoswipe-masonry/

https://www.wordfence.com/blog/2022/02/stored-cross-site-scripting-vulnerability-patched-in-a-wordpress-photo-gallery-plugin/

https://www.wordfence.com/threat-intel/vulnerabilities/id/64624d4c-3ffb-4516-a938-0accde24c79f?source=cve