[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmNI0OSaR96P3KKIkdrIocHILzSmLQCqtDO6gO9opu20":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2022-4058","photo-gallery-cross-site-request-forgery-to-stored-cross-site-scripting","Photo Gallery \u003C= 1.8.2 -  Cross-Site Request Forgery to Stored Cross-Site Scripting","The Photo Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation one of its functions. This makes it possible for unauthenticated attackers to inject malicious JavaScript, that will execute whenever a user accesses a page under their control. This Cross-Site Scripting payload will trigger for that user only for the duration of their session.","photo-gallery",null,"\u003C=1.8.2","1.8.3","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-11-28 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F806bbfb8-ebf3-4823-a241-91e01dc95228?source=api-prod",421]