First published: Sat Feb 08 2020
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
10web Photo Gallery | <1.2.11 | |
The vulnerability ID for the Photo Gallery plugin is CVE-2015-1394.
The severity rating for CVE-2015-1394 is medium, with a score of 5.4.
Remote authenticated users can exploit CVE-2015-1394 by injecting arbitrary web script or HTML via various parameters.
Photo Gallery plugin versions before 1.2.11 are affected by CVE-2015-1394.
To fix CVE-2015-1394, update the Photo Gallery plugin to version 1.2.11 or above.
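For sites that cannot confirm when the plugin was updated, the following added example (not code from the plugin or from this advisory) scans web server access logs for addImages requests to admin-ajax.php in which any of the eight listed parameters carries HTML markup characters. It assumes Combined Log Format and that the parameters appear in the logged query string; the character heuristic, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in the CVE-2015-1394 description.
WATCHED = ("sort_by", "sort_order", "items_view", "dir", "clipboard_task",
           "clipboard_files", "clipboard_src", "clipboard_dest")

# Heuristic chosen for this example: characters that a sort key, view name
# or directory path does not need but HTML injection does.
MARKUP = re.compile(r"[<>\"'`]")

# Request field of a Combined Log Format line: "METHOD URL PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return the watched parameter names whose decoded value contains markup."""
    parts = urlsplit(url)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    if "addImages" not in query.get("action", []):
        return []
    return [name for name in WATCHED
            if any(MARKUP.search(value) for value in query.get(name, []))]

def scan(lines):
    """Return (line_number, parameter_names) for each flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        names = suspicious_params(match.group(1)) if match else []
        if names:
            hits.append((number, names))
    return hits

# Constructed sample log lines (documentation IP range, harmless markup).
SAMPLE = [
    '203.0.113.5 - - [08/Feb/2020:10:00:00 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=addImages&sort_by=name&sort_order=asc HTTP/1.1" 200 512',
    '203.0.113.5 - - [08/Feb/2020:10:00:05 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=addImages&sort_by=%22%3E%3Cb%3Ex%3C%2Fb%3E&dir=%2Fgallery HTTP/1.1" 200 512',
    '203.0.113.9 - - [08/Feb/2020:10:00:09 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heartbeat&dir=%3Ci%3E HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for number, names in scan(SAMPLE):
        print(f"line {number}: markup in {', '.join(names)}")
```

Parameters sent in a POST body are not recorded in standard access logs, so a clean result from this scan does not rule out earlier injection attempts.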