Cross-Site Scripting Vulnerability in Gallery Plugin for WordPress

CVE-2015-7386

What is CVE-2015-7386?

The Gallery - Photo Albums - Portfolio plugin for WordPress has multiple vulnerabilities that allow remote authenticated users to exploit cross-site scripting (XSS) weaknesses. Specifically, the vulnerability arises from the improper validation of user inputs in the Media Title and Media Subtitle fields, enabling injection of arbitrary web scripts or HTML. This can lead to the execution of malicious scripts in the context of other users, posing a significant risk to site security and user data integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References