CVE-2023-28666

Summary

The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user.

Affected Software

VendorProductVersion RangeStatus
n/aInPost Gallery WordPress Plugin<= 2.1.4.1affected

Weaknesses

  • Authenticated Reflected Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References