CVE-2022-2543

CVE-2022-2543: Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection

Vendor Unknown
Product Visual Portfolio, Photo Gallery & Post Grid
Weakness CWE-862 · Missing authorization
Published September 5, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts

Key dates

02Disclosure timeline

September 5, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE