Cross-site Scripting Vulnerability in WP Chill Gallery PhotoBlocks
CVE-2026-24389

Currently unrated

Key Information:

Vendor

WordPress

CVE Published:
22 January 2026

What is CVE-2026-24389?

A Cross-site Scripting (XSS) vulnerability has been identified in the WP Chill Gallery PhotoBlocks plugin. It allows an attacker to execute arbitrary JavaScript code in the context of user sessions. The issue arises from improper neutralization of input during web page generation. The vulnerability affects versions of the Gallery PhotoBlocks plugin up to 1.3.2, posing a risk for users who have yet to update to a patched version. Implement immediate security measures to protect against potential exploitation.

Affected Version(s)

Gallery PhotoBlocks <= n/a

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

johska | Patchstack Bug Bounty Program