PT-2026-22884 · WordPress · Envira Gallery For Wordpress

Athiwat Tiprasaharn

Publicado

2026-03-04

Atualizado

2026-03-05

CVE-2026-1236

CVSS v3.1

6.4

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Envira Gallery for WordPress plugin versions up to and including 1.12.3

Description The Envira Gallery for WordPress plugin is susceptible to Stored Cross-Site Scripting through the justified gallery theme parameter. Insufficient input sanitization and output escaping allow authenticated attackers with Author-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page.

Recommendations Update Envira Gallery for WordPress plugin to a version later than 1.12.3

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-1236

Produtos afetados

Envira Gallery For Wordpress

PT-2026-22884 · WordPress · Envira Gallery For Wordpress

CVE-2026-1236

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11