cvedb.io
CVE-2022-4058
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2022-12-19T14:15:11.920 · Last modified 2026-06-17T05:19:52.063

Summary

The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.

Affected products

10web — photo_gallery

Does this affect you?

Add your gear to cvedb and we'll alert you only when 10web ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.