cleantalk
Vulnerabilities and Security Researches

Visual Portfolio, Photo Gallery & Post Grid, CVE-2024-4363

CVE, Research URL

CVE-2024-4363

Home page URL

Security reports for Visual Portfolio, Photo Gallery & Post Grid

Application

Visual Portfolio, Photo Gallery & Post Grid

Published on
May 15, 2024
Research Description
The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 3.3.3.
Status
vulnerable
Previous vulnerability researches
Visual Portfolio, Photo Gallery & Post Grid (CVE-2026-32537) , Mar 29, 2026
Visual Portfolio, Photo Gallery & Post Grid (CVE-2022-2543) , Jun 07, 2024
Visual Portfolio, Photo Gallery & Post Grid (CVE-2022-2597) , Jun 07, 2024
Visual Portfolio, Photo Gallery & Post Grid (CVE-2024-4363) , Jun 07, 2024
Visual Portfolio, Photo Gallery & Post Grid (CVE-2024-5020) , Dec 06, 2024
New vulnerability
Subscriptions for WooCommerce – Subscription Plugin for Collecting Recurring Revenue, Sell Membership Subscription Servic (CVE-2026-24372) , Mar 29, 2026
Meta Box – WordPress Custom Fields Framework (CVE-2025-14675) , Mar 29, 2026
Admin and Site Enhancements (ASE) (CVE-2026-32423) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2026-28135) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2025-13067) , Mar 29, 2026