{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-2708", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-05-15T12:39:48.962Z", "datePublished": "2023-05-16T02:04:27.089Z", "dateUpdated": "2026-04-08T17:06:07.853Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:07.853Z"}, "affected": [{"vendor": "nik00726", "product": "Video Gallery", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018search_term\u2019 parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVE-2023-32597 may be a duplicate of this."}], "title": "Video Gallery <= 1.0.10 - Reflected Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8cfbad9f-61ba-4216-9078-c1e7e809899a?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.11/video-slider-with-thumbnails.php#L1105"}, {"url": "https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.10/video-slider-with-thumbnails.php#L1103"}, {"url": "https://patchstack.com/database/vulnerability/video-slider-with-thumbnails/wordpress-video-gallery-plugin-1-0-10-cross-site-scripting-xss-vulnerability"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Marco Wotschka"}, {"lang": "en", "type": "finder", "value": "Yudha Prasetya"}], "timeline": [{"time": "2023-04-13T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2023-05-15T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:04.314Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8cfbad9f-61ba-4216-9078-c1e7e809899a?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.11/video-slider-with-thumbnails.php#L1105", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.10/video-slider-with-thumbnails.php#L1103", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-05T18:30:06.906427Z", "id": "CVE-2023-2708", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T19:45:22.594Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8cfbad9f-61ba-4216-9078-c1e7e809899a?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.11/video-slider-with-thumbnails.php#L1105", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.10/video-slider-with-thumbnails.php#L1103", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:04.314Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2708", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-05T18:30:06.906427Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T18:30:08.346Z"}}], "cna": {"title": "Video Gallery <= 1.0.10 - Reflected Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Marco Wotschka"}, {"lang": "en", "type": "finder", "value": "Yudha Prasetya"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "nik00726", "product": "Video Gallery", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.10"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-04-13T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2023-05-15T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8cfbad9f-61ba-4216-9078-c1e7e809899a?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.11/video-slider-with-thumbnails.php#L1105"}, {"url": "https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.10/video-slider-with-thumbnails.php#L1103"}, {"url": "https://patchstack.com/database/vulnerability/video-slider-with-thumbnails/wordpress-video-gallery-plugin-1-0-10-cross-site-scripting-xss-vulnerability"}], "descriptions": [{"lang": "en", "value": "The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018search_term\u2019 parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVE-2023-32597 may be a duplicate of this."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:07.853Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2708", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:06:07.853Z", "dateReserved": "2023-05-15T12:39:48.962Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2023-05-16T02:04:27.089Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:i13websolution:video_gallery:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8611E6D2-366A-4A64-9B13-54F7F8D4AB26", "versionEndExcluding": "1.0.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018search_term\u2019 parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVE-2023-32597 may be a duplicate of this."}], "id": "CVE-2023-2708", "lastModified": "2026-04-08T18:18:04.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-16T03:15:09.063", "references": [{"source": "security@wordfence.com", "url": "https://patchstack.com/database/vulnerability/video-slider-with-thumbnails/wordpress-video-gallery-plugin-1-0-10-cross-site-scripting-xss-vulnerability"}, {"source": "security@wordfence.com", "tags": ["Issue Tracking"], "url": "https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.10/video-slider-with-thumbnails.php#L1103"}, {"source": "security@wordfence.com", "tags": ["Issue Tracking"], "url": "https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.11/video-slider-with-thumbnails.php#L1105"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8cfbad9f-61ba-4216-9078-c1e7e809899a?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.10/video-slider-with-thumbnails.php#L1103"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://plugins.trac.wordpress.org/browser/video-slider-with-thumbnails/tags/1.0.11/video-slider-with-thumbnails.php#L1105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8cfbad9f-61ba-4216-9078-c1e7e809899a?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}