Reflected XSS Vulnerability in Photo Gallery Plugin by Ape
CVE-2025-22317

7.1HIGH

Key Information:

Vendor: Galleryape
Status: Photo Gallery – Image Gallery By Ape
Vendor: CVE Published:; 15 January 2025

Summary

A reflected XSS vulnerability has been identified in the Photo Gallery – Image Gallery by Ape plugin, allowing attackers to inject malicious scripts into web pages. This occurs during the processing of user input, which is inadequately sanitized before being displayed. As a result, users can be tricked into executing harmful scripts that may lead to information theft or session hijacking. The vulnerability impacts versions up to 2.2.8, posing a risk to site security and user data integrity.

Affected Version(s)

Photo Gallery – Image Gallery by Ape <= 2.2.8

References

https://patchstack.com/database/wordpress/plugin/gallery-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 15, 2025
Vulnerability Reserved
Jan 3, 2025

Credit

Le Ngoc Anh (Patchstack Alliance)