cleantalk
Vulnerabilities and Security Researches

InPost Gallery, CVE-2023-28666

CVE, Research URL

CVE-2023-28666

Home page URL

Security reports for InPost Gallery

Application

InPost Gallery

Published on
Mar 23, 2023
Research Description
The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user.
Affected versions
Min -, max 2.1.4.2.
Status
vulnerable
Previous vulnerability researches
InPost Gallery (CVE-2024-11002) , Nov 26, 2024
InPost Gallery (5f87d0dea32454e20b92b31e958259617992907a) , Jun 07, 2024
InPost Gallery (CVE-2023-28666) , Jun 07, 2024
InPost Gallery (CVE-2022-4063) , Jun 07, 2024
InPost Gallery (CVE-2025-26903) , Apr 15, 2025
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025