PT-2023-21887 · WordPress · Inpost Gallery

Published: 2023-03-22 · Updated: 2023-03-28 · CVE-2023-28666

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: InPost Gallery WordPress plugin versions prior to 2.2.2

Description: The issue is a reflected cross-site scripting vulnerability. It affects the imgurl parameter to the add inpost gallery slide item action and can only be triggered by an authenticated user.

Recommendations: For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the add inpost gallery slide item action to minimize the risk of exploitation. Avoid using the imgurl parameter in the affected action until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-28666

Affected Products

Inpost Gallery