PT-2024-23480 · Unknown · Gallery Album+1
Lvt-Tholv2K
·
Published
2024-03-31
·
Updated
2024-04-07
·
CVE-2024-30550
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
wpdevart Responsive Image Gallery, Gallery Album versions through 2.0.3
Description
The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Reflected XSS in the Gallery Album. The risk involves remote attack via script injection.
Recommendations
For versions through 2.0.3, update immediately or deactivate the plugin until a patch is available. Check for updates or contact the provider for a fix. As a temporary workaround, consider restricting access to the plugin to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gallery Album
Wpdevart Responsive Image Gallery