cleantalk
Vulnerabilities and Security Researches

Visual Portfolio, Photo Gallery & Post Grid, CVE-2022-2543

CVE, Research URL

CVE-2022-2543

Home page URL

Security reports for Visual Portfolio, Photo Gallery & Post Grid

Application

Visual Portfolio, Photo Gallery & Post Grid

Published on
Sep 05, 2022
Research Description
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts
Affected versions
max 1.18.0.
Status
vulnerable
Previous vulnerability researches
Visual Portfolio, Photo Gallery & Post Grid (CVE-2026-32537) , Mar 29, 2026
Visual Portfolio, Photo Gallery & Post Grid (CVE-2022-2543) , Jun 07, 2024
Visual Portfolio, Photo Gallery & Post Grid (CVE-2022-2597) , Jun 07, 2024
Visual Portfolio, Photo Gallery & Post Grid (CVE-2024-4363) , Jun 07, 2024
Visual Portfolio, Photo Gallery & Post Grid (CVE-2024-5020) , Dec 06, 2024
New vulnerability
Subscriptions for WooCommerce – Subscription Plugin for Collecting Recurring Revenue, Sell Membership Subscription Servic (CVE-2026-24372) , Mar 29, 2026
Meta Box – WordPress Custom Fields Framework (CVE-2025-14675) , Mar 29, 2026
Admin and Site Enhancements (ASE) (CVE-2026-32423) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2026-28135) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2025-13067) , Mar 29, 2026