PT-2020-6780 · WordPress · Envira Photo Gallery

Published: 2020-02-13 · Updated: 2023-05-23 · CVE-2020-9334

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Envira Photo Gallery plugin through 1.7.6 for WordPress

Description

A stored XSS issue exists due to inadequate protection of the webpage structure. This allows a remote attacker to perform cross-site scripting attacks. Successful exploitation would enable an authenticated low-privileged user to inject arbitrary JavaScript code that runs when other users view the affected content.

Recommendations

For Envira Photo Gallery plugin versions through 1.7.6, update to a version later than 1.7.6 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-06374
CVE-2020-9334

Affected Products

Envira Photo Gallery