PT-2024-28305 · WordPress · Gallery Plugin

Dmitry Ignatyev · Published 2024-09-11 · Updated 2024-09-25 · CVE-2024-3899

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: The Gallery Plugin for WordPress, versions prior to 1.8.15.

Description: The issue stems from missing sanitization and escaping of some image settings in the plugin, which allows users with post-writing privileges, such as Authors, to perform cross-site scripting attacks.

Recommendations: For versions prior to 1.8.15, update to version 1.8.15 or later to resolve the issue. As a temporary workaround, consider restricting post-writing privileges to trusted users until the update is applied.

XSS

Related Identifiers: CVE-2024-3899

Affected Products: Gallery Plugin