Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities by visualportfolio

    CVE-2022-2597 (GCVE-0-2022-2597)

    Vulnerability from nvd – Published: 2022-09-05 12:35 – Updated: 2024-08-03 00:46
    VLAI
    Title
    Visual Portfolio < 2.19.0 - Contributor+ CSS Injection
    Summary
    The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts
    Severity
    No CVSS data available.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Visual Portfolio, Photo Gallery & Post Grid Affected: 2.19.0 , < 2.19.0 (custom)
    Create a notification for this product.
    Credits
    Krzysztof Zając
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:46:03.062Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/3ffcee7c-1e03-448c-8006-a9405658cdb7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Visual Portfolio, Photo Gallery \u0026 Post Grid",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.19.0",
                  "status": "affected",
                  "version": "2.19.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Krzysztof Zaj\u0105c"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Visual Portfolio, Photo Gallery \u0026 Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-05T12:35:21.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/3ffcee7c-1e03-448c-8006-a9405658cdb7"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Visual Portfolio \u003c 2.19.0 - Contributor+ CSS Injection",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-2597",
              "STATE": "PUBLIC",
              "TITLE": "Visual Portfolio \u003c 2.19.0 - Contributor+ CSS Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Visual Portfolio, Photo Gallery \u0026 Post Grid",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.19.0",
                                "version_value": "2.19.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Krzysztof Zaj\u0105c"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Visual Portfolio, Photo Gallery \u0026 Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863 Incorrect Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/3ffcee7c-1e03-448c-8006-a9405658cdb7",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/3ffcee7c-1e03-448c-8006-a9405658cdb7"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-2597",
        "datePublished": "2022-09-05T12:35:21.000Z",
        "dateReserved": "2022-08-01T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:46:03.062Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2543 (GCVE-0-2022-2543)

    Vulnerability from nvd – Published: 2022-09-05 12:35 – Updated: 2024-08-03 00:39
    VLAI
    Title
    Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection
    Summary
    The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Visual Portfolio, Photo Gallery & Post Grid Affected: 2.18.0 , < 2.18.0 (custom)
    Create a notification for this product.
    Credits
    Krzysztof Zając
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:39:07.976Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/5dc8b671-f2fa-47be-8664-9005c4fdbea8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Visual Portfolio, Photo Gallery \u0026 Post Grid",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "2.18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Krzysztof Zaj\u0105c"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Visual Portfolio, Photo Gallery \u0026 Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-05T12:35:20.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/5dc8b671-f2fa-47be-8664-9005c4fdbea8"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Visual Portfolio \u003c 2.18.0 - Unauthenticated CSS Injection",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-2543",
              "STATE": "PUBLIC",
              "TITLE": "Visual Portfolio \u003c 2.18.0 - Unauthenticated CSS Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Visual Portfolio, Photo Gallery \u0026 Post Grid",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.18.0",
                                "version_value": "2.18.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Krzysztof Zaj\u0105c"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Visual Portfolio, Photo Gallery \u0026 Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/5dc8b671-f2fa-47be-8664-9005c4fdbea8",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/5dc8b671-f2fa-47be-8664-9005c4fdbea8"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-2543",
        "datePublished": "2022-09-05T12:35:20.000Z",
        "dateReserved": "2022-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:39:07.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2597 (GCVE-0-2022-2597)

    Vulnerability from cvelistv5 – Published: 2022-09-05 12:35 – Updated: 2024-08-03 00:46
    VLAI
    Title
    Visual Portfolio < 2.19.0 - Contributor+ CSS Injection
    Summary
    The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts
    Severity
    No CVSS data available.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Visual Portfolio, Photo Gallery & Post Grid Affected: 2.19.0 , < 2.19.0 (custom)
    Create a notification for this product.
    Credits
    Krzysztof Zając
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:46:03.062Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/3ffcee7c-1e03-448c-8006-a9405658cdb7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Visual Portfolio, Photo Gallery \u0026 Post Grid",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.19.0",
                  "status": "affected",
                  "version": "2.19.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Krzysztof Zaj\u0105c"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Visual Portfolio, Photo Gallery \u0026 Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-05T12:35:21.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/3ffcee7c-1e03-448c-8006-a9405658cdb7"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Visual Portfolio \u003c 2.19.0 - Contributor+ CSS Injection",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-2597",
              "STATE": "PUBLIC",
              "TITLE": "Visual Portfolio \u003c 2.19.0 - Contributor+ CSS Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Visual Portfolio, Photo Gallery \u0026 Post Grid",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.19.0",
                                "version_value": "2.19.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Krzysztof Zaj\u0105c"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Visual Portfolio, Photo Gallery \u0026 Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863 Incorrect Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/3ffcee7c-1e03-448c-8006-a9405658cdb7",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/3ffcee7c-1e03-448c-8006-a9405658cdb7"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-2597",
        "datePublished": "2022-09-05T12:35:21.000Z",
        "dateReserved": "2022-08-01T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:46:03.062Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2543 (GCVE-0-2022-2543)

    Vulnerability from cvelistv5 – Published: 2022-09-05 12:35 – Updated: 2024-08-03 00:39
    VLAI
    Title
    Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection
    Summary
    The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Visual Portfolio, Photo Gallery & Post Grid Affected: 2.18.0 , < 2.18.0 (custom)
    Create a notification for this product.
    Credits
    Krzysztof Zając
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:39:07.976Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/5dc8b671-f2fa-47be-8664-9005c4fdbea8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Visual Portfolio, Photo Gallery \u0026 Post Grid",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "2.18.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Krzysztof Zaj\u0105c"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Visual Portfolio, Photo Gallery \u0026 Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-05T12:35:20.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/5dc8b671-f2fa-47be-8664-9005c4fdbea8"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Visual Portfolio \u003c 2.18.0 - Unauthenticated CSS Injection",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-2543",
              "STATE": "PUBLIC",
              "TITLE": "Visual Portfolio \u003c 2.18.0 - Unauthenticated CSS Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Visual Portfolio, Photo Gallery \u0026 Post Grid",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.18.0",
                                "version_value": "2.18.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Krzysztof Zaj\u0105c"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Visual Portfolio, Photo Gallery \u0026 Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/5dc8b671-f2fa-47be-8664-9005c4fdbea8",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/5dc8b671-f2fa-47be-8664-9005c4fdbea8"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-2543",
        "datePublished": "2022-09-05T12:35:20.000Z",
        "dateReserved": "2022-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:39:07.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }