CVE-2019-14790

Name of the Vulnerable Software and Affected Versions Limb Gallery plugin version 1.4.0

Description The issue concerns a cross-site scripting (XSS) problem. It is exploited through the "wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode" API endpoint, specifically via the task parameter.

Recommendations For Limb Gallery plugin version 1.4.0, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the "wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode" API endpoint to minimize the risk of exploitation. Avoid using the task parameter in the affected API endpoint until the issue is resolved.