CVE-2024-12096

Name of the Vulnerable Software and Affected Versions Exhibit to WP Gallery WordPress plugin version 0.0.2

Description The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitized and escaped before being outputted back in the page. This could be used against high-privilege users, such as administrators.

Recommendations For version 0.0.2, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to the plugin's functionality to minimize the risk of Reflected Cross-Site Scripting attacks. Avoid using the vulnerable parameter in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.