cleantalk
Vulnerabilities and Security Researches

Portfolio & Image Gallery for WordPress | PowerFolio, CVE-2022-4765

CVE, Research URL

CVE-2022-4765

Home page URL

Security reports for Portfolio & Image Gallery for WordPress | PowerFolio

Application

Portfolio & Image Gallery for WordPress | PowerFolio

Published on
Jan 31, 2023
Research Description
The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions
Min -, max 3.0.3.
Status
vulnerable
Previous vulnerability researches
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2024-22150) , Jun 07, 2024
Portfolio & Image Gallery for WordPress | PowerFolio (2dcc339fa5572c0b8975f48ffa24bcca0ae340a1) , Jun 07, 2024
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2022-4765) , Jun 07, 2024
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2022-4974) , Nov 15, 2024
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2025-7046) , Jul 05, 2025
New vulnerability
Printcart Web to Print Product Designer for WooCommerce (CVE-2025-24780) , Jul 05, 2025
bSecure – Your Universal Checkout (CVE-2025-52830) , Jul 05, 2025
DocCheck Login (CVE-2025-6786) , Jul 05, 2025
iFrame Images Gallery (CVE-2025-30969) , Jul 05, 2025
Video Gallery Block – Display your videos as a gallery in a professional way (CVE-2025-27326) , Jul 05, 2025