CVE-2014-6315

Name of the Vulnerable Software and Affected Versions Web-Dorado Photo Gallery plugin versions 1.1.30 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via vulnerable parameters in an addImages action to "wp-admin/admin-ajax.php" API endpoint. The vulnerable parameters include callback, dir, and extensions.

Recommendations For Web-Dorado Photo Gallery plugin versions 1.1.30 and earlier, consider disabling the addImages action to the "wp-admin/admin-ajax.php" API endpoint until a patch is available. Restrict access to the callback, dir, and extensions parameters in the addImages action to minimize the risk of exploitation.