cvedb.io
CVE-2022-2543
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2022-09-05T13:15:08.333 · Last modified 2026-06-17T04:42:05.583

Summary

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts

Affected products

visualportfolio — visual_portfolio\,_photo_gallery_\&_post_grid

Does this affect you?

Add your gear to cvedb and we'll alert you only when visualportfolio ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.