CVE-2022-2190

CVE-2022-2190: Envira Gallery Lite < 1.8.4.7 - Reflected Cross-Site Scripting

Vendor Unknown
Product Gallery Plugin for WordPress – Envira Photo Gallery
Weakness CWE-79 · XSS
Published October 31, 2022
Last update May 7, 2025

CVSS base score

What the vulnerability does

01Description

The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

Key dates

02Disclosure timeline

October 31, 2022 CVE published
May 7, 2025 Record updated

Related vulnerabilities

04Related CVE