CVE-2022-1327

Name of the Vulnerable Software and Affected Versions Image Gallery WordPress plugin versions prior to 1.1.6

Description The issue allows high-privileged users, such as admins, to perform Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitize and escape some of its image fields, even when unfiltered html is disallowed.

Recommendations For versions prior to 1.1.6, update to version 1.1.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Image Gallery plugin's image fields by high-privileged users until the update is applied.