CVE-2022-1946

Name of the Vulnerable Software and Affected Versions The Gallery WordPress plugin versions prior to 2.0.0

Description The issue arises from the plugin's failure to sanitise and escape a parameter before outputting it back in the response of an AJAX action, which is available to both unauthenticated and authenticated users. This leads to a Reflected Cross-Site Scripting issue.

Recommendations For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action to minimize the risk of exploitation.