CVE-2019-15829
Published 2019-08-30

CVE-2019-15829: The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS.

Priority: P4 · 22 · medium · 4.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.32% (67.2th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| greentreelabs | gallery_photoblocks | < 1.1.43 | 1.1.43 |
CVSS provenance
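| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.8 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |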
No detection rules found.
Nuclei
Gallery Photoblocks < 1.1.43 - Cross-Site Scripting
nuclei·CVSS 4.8
CVE-2019-15829 [MEDIUM] Gallery Photoblocks < 1.1.43 - Cross-Site Scripting
Gallery Photoblocks ")'
- 'contains(body_2, "post galleries!")'
condition: and
# digest: 490a004630440220505861ff4133268603015b73ba9136392ab84d17de58b03e120020f27918234502200f66cb50985c462fe6eb757d94d1d400ade5064577bf1a49ddb0b4ff73ed2f3f:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
2019-08-30
Published