Cross-site Scripting Vulnerability in GT3 Photo Gallery by GT3
CVE-2025-24707

7.1HIGH

Key Information:

Vendor: WordPress
Status: Photo Gallery - Gt3 Image Gallery & Gutenberg Block Gallery
Vendor: CVE Published:; 3 February 2025

What is CVE-2025-24707?

GT3 Photo Gallery is vulnerable to reflected cross-site scripting (XSS), which occurs when user inputs are improperly handled during web page generation, allowing attackers to execute arbitrary scripts in the context of users' sessions. This issue affects versions of the GT3 Image Gallery and Gutenberg Block Gallery plugin up to 2.7.7.24, posing significant security risks.

Affected Version(s)

Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.24

References

https://patchstack.com/database/wordpress/plugin/gt3-phot...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Peter Thaleikis (Patchstack Alliance)