WordPress · Photos/Files Contest Gallery Wordpress Plugin · CVE-2024-1487
**Name of the Vulnerable Software and Affected Versions**
Photos and Files Contest Gallery WordPress plugin versions prior to 21.3.1
**Description**
The issue concerns a lack of sanitization and escaping of certain parameters, potentially allowing Cross-Site Scripting attacks by users with a role as low as author.
**Recommendations**
For versions prior to 21.3.1, update to version 21.3.1 or later to resolve the issue. As a temporary workaround, consider restricting the role of users to prevent potential exploitation until the update is applied. Avoid using vulnerable parameters in the plugin until the issue is resolved.