Cross-site Scripting Vulnerability in GT3 Photo Gallery by GT3
CVE-2025-24707
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 3 February 2025
What is CVE-2025-24707?
GT3 Photo Gallery is vulnerable to reflected cross-site scripting (XSS), which occurs when user inputs are improperly handled during web page generation, allowing attackers to execute arbitrary scripts in the context of users' sessions. This issue affects versions of the GT3 Image Gallery and Gutenberg Block Gallery plugin up to 2.7.7.24, posing significant security risks.
Affected Version(s)
Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.24