Gmedia Photo Gallery < 1.18.5 - Multiple Cross-Site Scripting (XSS)



Description
Multiple XSS vulnerabilities were discovered in version 1.18.0 of the Gmedia Gallery WordPress plugin. They were caused by improper validation of user input in the album, gallery, category and media upload modules. The vulnerability types include both stored and reflected XSS.

Affects Plugin

Fixed in version 1.18.5

References

URL https://fortiguard.com/zeroday/FG-VD-20-051
URL https://plugins.trac.wordpress.org/changeset/2292973/grand-media

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Vishnupriya Ilango of Fortinet's FortiGuard Labs
Views 1173
Verified No
WPVDB ID 10197

Timeline

Publicly Published 2020-04-28
Added 2020-04-28
Last Updated 2020-05-04
