cleantalk
Vulnerabilities and Security Researches

WP Easy Gallery – WordPress Gallery Plugin, 8b2500493153f2af740d2c17daa0e9e6378e2634

Published on
Jan 26, 2016
Research Description
WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 4.1.5 (closed)

WP Easy Gallery <= 4.1.4 - Stored Cross-Site Scripting

The WP Easy Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_style’ parameter in versions before 4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute whenever a victim accesses the injected page.
Affected versions
max 4.1.5.
Status
vulnerable