Vulnerabilities > CVE-2022-4142 - Unspecified vulnerability in Wordpress Filter Gallery Project Wordpress Filter Gallery
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filters passed in the ufg_gallery_filters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the plugin settings page, even when the unfiltered_html capability is disabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |