cleantalk
Vulnerabilities and Security Researches

Visual Portfolio, Photo Gallery & Post Grid, CVE-2022-2597

CVE, Research URL

CVE-2022-2597

Home page URL

Security reports for Visual Portfolio, Photo Gallery & Post Grid

Application

Visual Portfolio, Photo Gallery & Post Grid

Published on
Sep 05, 2022
Research Description
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts
Affected versions
max 2.19.0.
Status
vulnerable
Previous vulnerability researches
Visual Portfolio, Photo Gallery & Post Grid (CVE-2026-32537) , Mar 29, 2026
Visual Portfolio, Photo Gallery & Post Grid (CVE-2022-2543) , Jun 07, 2024
Visual Portfolio, Photo Gallery & Post Grid (CVE-2022-2597) , Jun 07, 2024
Visual Portfolio, Photo Gallery & Post Grid (CVE-2024-4363) , Jun 07, 2024
Visual Portfolio, Photo Gallery & Post Grid (CVE-2024-5020) , Dec 06, 2024
New vulnerability
Subscriptions for WooCommerce – Subscription Plugin for Collecting Recurring Revenue, Sell Membership Subscription Servic (CVE-2026-24372) , Mar 29, 2026
Meta Box – WordPress Custom Fields Framework (CVE-2025-14675) , Mar 29, 2026
Admin and Site Enhancements (ASE) (CVE-2026-32423) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2026-28135) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2025-13067) , Mar 29, 2026