CVE-2023-5307

Name of the Vulnerable Software and Affected Versions Photos and Files Contest Gallery WordPress plugin version 21.2.8.1 and earlier

Description The issue allows unauthenticated users to perform Cross-Site Scripting attacks via certain headers due to the plugin not sanitising and escaping some parameters.

Recommendations For versions prior to 21.2.8.1, update to version 21.2.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.