CVE-2024-53788 – WordPress Portfolio Builder – Portfolio Gallery

Published : 2024-11-30

Title: WordPress WordPress Portfolio Builder – Portfolio Gallery plugin <= 1.1.7 – Cross Site Scripting (XSS) vulnerability

Description

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7.

CWE

CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

CVSS

Score	Severity	Version	Vector String
5.9	MEDIUM	3.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Vendor : n/a

Product: WordPress Portfolio Builder – Portfolio Gallery

Vulnerable Versions: n/a through 1.1.7

Proof of Concept:

REDACTED

Vulnerability found by: DFEND Security Researcher

References:

– https://patchstack.com/database/wordpress/plugin/uber-grid/vulnerability/wordpress-wordpress-portfolio-builder-portfolio-gallery-plugin-1-1-7-cross-site-scripting-xss-vulnerability-2?_s_id=cve
– https://www.cve.org/CVERecord?id=CVE-2024-53788

Gallery

Contacts

CVE-2024-53788 – WordPress Portfolio Builder – Portfolio Gallery

Description

DFEND S.R.L.

CONTATTI

Gallery

Contacts

Description

CVE-2024-53783 – Ni WooCommerce Cost Of Goods

DFEND S.R.L.

CONTATTI