VDB
CVE-2023-5307
CVE-2023-5307
PUBLISHED
CVSS 8.5 HIGH
The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.
EPSS 1.02% · 77.6th percentile
Risk Scores
CVSS 4.0
8.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
1.02%
77.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| contest-gallery | contest_gallery | 0, 0, 0 |
| Unknown | Photos and Files Contest Gallery | 0, 0, 0 |
Timeline
- Oct 31, 2023 CVE Published
- Oct 31, 2023 PoC Published
- Nov 1, 2023 EPSS Score
- Dec 2, 2023 EPSS Score
- Feb 1, 2024 EPSS Score
- Mar 3, 2024 EPSS Score
- Apr 2, 2024 EPSS Score
- May 3, 2024 EPSS Score
- Jul 4, 2024 EPSS Score
- Aug 3, 2024 EPSS Score
- Sep 3, 2024 EPSS Score
- Oct 4, 2024 EPSS Score