CVE-2022-2543

MEDIUM

Visual Portfolio, Photo Gallery & Post Grid WP <2.18.0 - CSRF

Title source: llm
STIX 2.1

Description

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/5dc8b671-f2fa-47be-8664-9005c4fdbea8

Scores

CVSS v3 6.1
EPSS 0.0048
EPSS Percentile 37.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-862
Status published
Products (1)
visualportfolio/visual_portfolio\,_photo_gallery_\&_post_grid < 2.18.0
Published Sep 05, 2022
Tracked Since Feb 18, 2026