Lagotek

**Name of the Vulnerable Software and Affected Versions** WPChill Gallery PhotoBlocks plugin versions prior to 1.2.7 **Description** The issue concerns Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities. This means that an attacker could potentially inject malicious scripts into the application, which would then be executed by the user's browser, allowing the attacker to steal user data or take control of the user's session. **Recommendations** For WPChill Gallery PhotoBlocks plugin versions prior to 1.2.7, update to version 1.2.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** photoblocks-grid-gallery plugin versions prior to 1.1.33 **Description** The issue concerns a Cross-Site Scripting (XSS) flaw. The "wp-admin/admin.php?page=photoblocks-edit&id=" endpoint is vulnerable to XSS attacks. The `id` parameter is implicated in the vulnerability. **Recommendations** For versions prior to 1.1.33, update to version 1.1.33 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/admin.php?page=photoblocks-edit&id=" endpoint until the update is applied. Avoid using the `id` parameter in the affected endpoint until the issue is resolved.