Vulnerabilities and security researches forphotospace-responsive photospace-responsive

Jun 06, 2024

CVE, Research URL: CVE-2023-4271
Home page URL: Security reports for Photospace Responsive Gallery
Application: Photospace Responsive Gallery
Date: Oct 20, 2023
Research Description: The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘psres_button_size’ parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 2.2.0.
Status: vulnerable

CVE, Research URL: 8bafce1a33c62b2deffb4669992298ff1dae4873
Home page URL: Security reports for Photospace Responsive Gallery
Application: Photospace Responsive Gallery
Date: Jun 22, 2019
Research Description: Photospace Responsive Gallery [photospace-responsive] < 1.1.8 Photospace Responsive <= 1.1.7 - Cross-Site Scripting The Photospace Responsive plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions: max 1.1.8.
Status: vulnerable

Nov 10, 2025

CVE, Research URL: CVE-2025-62899
Home page URL: Security reports for Photospace Responsive Gallery
Application: Photospace Responsive Gallery
Date: Oct 27, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in THRIVE - Web Design Gold Coast Photospace Responsive photospace-responsive allows Stored XSS.This issue affects Photospace Responsive: from n/a through <= 2.2.0.
Affected versions: max 2.2.0.
Status: vulnerable