Vulnerabilities > CVE-2022-2597 - Incorrect Authorization vulnerability in Visualportfolio Visual Portfolio, Photo Gallery & Post Grid

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
visualportfolio
CWE-863
NVD
Published: 2022-09-05
Updated: 2022-09-09

Summary

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts

Vulnerable Configurations

Part Description Count
Application
Visualportfolio
88

Common Weakness Enumeration (CWE)

References