CVE-2015-7386: XSS
First published: Mon Sep 28 2015(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Media Subtitle fields.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ghozylab Gallery | =1.3.47 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-7386?
CVE-2015-7386 is rated as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How can CVE-2015-7386 be exploited?
CVE-2015-7386 can be exploited by remote authenticated users to inject arbitrary web scripts or HTML through the Media Title or Media Subtitle fields.
What version of the plugin is affected by CVE-2015-7386?
CVE-2015-7386 affects version 1.3.47 of the Gallery - Photo Albums - Portfolio plugin for WordPress.
How do I fix CVE-2015-7386?
To fix CVE-2015-7386, users should update the Gallery - Photo Albums - Portfolio plugin to the latest version that addresses this vulnerability.
Who is impacted by CVE-2015-7386?
CVE-2015-7386 impacts remote authenticated users of the Gallery - Photo Albums - Portfolio plugin on WordPress sites.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ghozylab
- canonical/ghozylab gallery
- version/ghozylab gallery/1.3.47