Cross-Site Scripting Vulnerability in Attach Gallery Posts Plugin by WordPress
CVE-2025-23441
7.1HIGH
Summary
The Attach Gallery Posts plugin for WordPress is vulnerable to a reflected Cross-Site Scripting (XSS) attack due to improper neutralization of user input during web page generation. This vulnerability allows attackers to inject malicious scripts into the pages viewed by users, potentially compromising their sessions, stealing sensitive data, or redirecting users to malicious sites. This issue affects all versions up to 1.6.
Affected Version(s)
Attach Gallery Posts <= 1.6
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Le Ngoc Anh (Patchstack Alliance)