Vulnerabilities > Thriveweb > Photoswipe Masonry Gallery > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-23 | CVE-2022-0750 | Cross-site Scripting vulnerability in Thriveweb Photoswipe Masonry Gallery The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. | 5.4 |