The plugin does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed
https://youtu.be/kTMg65teTvU Create an Album with the following payload as Name: test"><img src onerror=alert(/XSS/)> Add a media via the "Add/Import files" menu and select the album created above The XSS will be triggered when viewing the media post
Kaushalendra Dubey
Kaushalendra Dubey
Yes
2022-04-25 (about 1 years ago)
2022-04-25 (about 1 years ago)
2023-02-06 (about 3 months ago)