CVE-2015-7386

Name of the Vulnerable Software and Affected Versions Gallery - Photo Albums - Portfolio plugin version 1.3.47

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the Media Title or Media Subtitle fields in the includes/metaboxes.php file.

Recommendations For version 1.3.47, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Media Title and Media Subtitle fields to minimize the risk of exploitation.