Envira Gallery Lite < 1.8.3.3 - Authenticated Stored Cross-Site Scripting

The plugin does not properly sanitise the images metadata (namely title) before outputting them in the generated gallery. This allows privileged accounts such as editor+ to perform XSS attacks (even without the unfiltered_html capability) against users visiting the gallery in the frontend.

As an editor+, add an image to a gallery and set its title (via the metadata) to <img src onerror=alert(/XSS/)>. Then view a page where the gallery is embed.

https://drive.google.com/open?id=1G15mMK4mLFV5VUL_vWxpbbBDworjciiM