CVE-2023-35098

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jun 20, 2023

Updated: Jun 27, 2023

CWE ID 79

Summary

CVE-2023-35098 is a newly disclosed Cross-Site Scripting (XSS) vulnerability affecting the NextGen GalleryView plugin of WordPress versions 0.5.5 and below. An attacker can inject malicious scripts into web pages viewed by other users, leading to unauthorized data access or manipulation. This issue occurs due to insufficient input validation, allowing attackers to inject malicious code through reflected XSS techniques. Users are advised to update their plugin to the latest version or remove it entirely to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rtd8a7
https://www.cve.org/CVERecord?id=CVE-2023-35098
https://nvd.nist.gov/vuln/detail/CVE-2023-35098

Back to Vulnerability Database

CVE-2023-35098

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations