PT-2026-40849 · WordPress · Envira Gallery Lite
Athiwat Tiprasaharn
+1
·
Published
2026-05-14
·
Updated
2026-05-14
·
CVE-2026-5361
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Envira Gallery Lite versions prior to 1.12.5
Description
Stored Cross-Site Scripting is possible via the REST API due to insufficient input sanitization in the
update gallery data() function and improper output escaping in the gallery init() function. Specifically, the sanitize config values() function fails to sanitize the arrows parameter, only processing justified gallery theme and justified row height. When the arrows value is output in the inline JavaScript configuration, the use of esc attr()—which is intended for HTML attributes rather than JavaScript contexts—allows for JavaScript expression injection. Authenticated attackers with Author-level access or higher can inject arbitrary web scripts that execute when a user visits the affected page.Recommendations
Update to a version later than 1.12.4.
As a temporary workaround, restrict access to the REST API or limit user permissions to prevent users with Author-level access from modifying gallery data.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Envira Gallery Lite