CVE-2022-2597

CVE-2022-2597: Visual Portfolio < 2.19.0 - Contributor+ CSS Injection

Vendor Unknown
Product Visual Portfolio, Photo Gallery & Post Grid
Weakness CWE-863 · Incorrect authorization
Published September 5, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts

Key dates

02Disclosure timeline

September 5, 2022 CVE published
August 3, 2024 Record updated