CVE-2022-2543

Summary

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts

Affected Software

VendorProductVersion RangeStatus
UnknownVisual Portfolio, Photo Gallery & Post Grid2.18.0 < 2.18.0affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

References