CVE-2023-28666

State: PUBLISHED · Published: 2023-03-22 · Updated: 2025-02-25 · Assigner: tenable

Description

The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected

n/a / InPost Gallery WordPress Plugin — v=<= 2.1.4.1 [affected]

CVSS

(none)

References

https://www.tenable.com/security/research/tra-2023-3

Source

cvelistV5-main/cves/2023/28xxx/CVE-2023-28666.json