Skip to main content

Document Gallery

1 CVEs product

Monthly

CVE-2026-57695 HIGH This Week

Reflected cross-site scripting in the Dan Rossiter Document Gallery WordPress plugin (all versions up to and including 5.1.0) lets an unauthenticated attacker inject script into a reflected response that executes in a victim's browser when they follow a crafted link. Because the CVSS scope is changed, the injected script can affect resources beyond the vulnerable component (e.g., the surrounding WordPress session context). This flaw was reported by Patchstack; no public exploit code has been identified and it is not listed in CISA KEV at time of analysis.

XSS Document Gallery
NVD
CVSS 3.1
7.1
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the Dan Rossiter Document Gallery WordPress plugin (all versions up to and including 5.1.0) lets an unauthenticated attacker inject script into a reflected response that executes in a victim's browser when they follow a crafted link. Because the CVSS scope is changed, the injected script can affect resources beyond the vulnerable component (e.g., the surrounding WordPress session context). This flaw was reported by Patchstack; no public exploit code has been identified and it is not listed in CISA KEV at time of analysis.

XSS Document Gallery
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy