CVE-2023-5307 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-5307 PUBLISHED CVSS 8.5 HIGH

The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.

EPSS 1.02% · 77.1th percentile

Risk Scores

CVSS v4.0

8.5

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS Score

1.02%

77.1th percentile

Affected Products

Vendor	Product	Versions
contest-gallery	contest_gallery	0, 0, 0
Unknown	Photos and Files Contest Gallery	0, 0, 0

Timeline

Oct 31, 2023 CVE Published
Oct 31, 2023 PoC Published
Nov 1, 2023 EPSS Score
Dec 1, 2023 EPSS Score
Jan 30, 2024 EPSS Score
Mar 1, 2024 EPSS Score
Mar 31, 2024 EPSS Score
Apr 30, 2024 EPSS Score
Jun 29, 2024 EPSS Score
Jul 29, 2024 EPSS Score
Aug 28, 2024 EPSS Score
Sep 28, 2024 EPSS Score

References

Open in Interactive Console →