The Gallery WordPress plugin before 2.0.0 does not...
Moderate severity
Unreviewed
Published
Jul 5, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Jul 4, 2022
Published to the GitHub Advisory Database
Jul 5, 2022
Last updated
Jan 27, 2023
The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue
References