Gallery < 2.0.0 - Reflected Cross-Site Scripting
CVE-2022-1946
6.1MEDIUM
What is CVE-2022-1946?
The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue
Affected Version(s)
Gallery – Image and Video Gallery with Thumbnails 2.0.0