The plugin does not properly sanitise image metadata (namely the title) before outputting it in the generated gallery. This allows privileged accounts such as editor+ to perform XSS attacks (even without the unfiltered_html capability) against users visiting the gallery on the frontend.
As an editor+, add an image to a gallery and set its title (via the metadata) to <img src onerror=alert(/XSS/)>. Then view a page where the gallery is embedded. https://drive.google.com/open?id=1G15mMK4mLFV5VUL_vWxpbbBDworjciiM
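The fix for this class of bug is context-aware output escaping. The following is an added illustration, not the affected plugin's code: it assumes the WordPress core helpers esc_attr(), esc_html() and esc_url() are available, and the $image array is a hypothetical stand-in for the plugin's image metadata.

```php
<?php
// Added illustration of the pattern this advisory describes; not the plugin's
// own code. Assumes WordPress core escaping helpers (esc_attr, esc_html,
// esc_url). The $image array shape is a hypothetical stand-in for the
// plugin's stored image metadata.

// Vulnerable pattern: the stored title is echoed into the gallery markup
// unchanged, so any markup an editor stores in the title becomes live HTML
// for every visitor, regardless of the unfiltered_html capability.
function render_gallery_item_unsafe(array $image): string {
    return '<figure>'
         . '<img src="' . $image['url'] . '" alt="' . $image['title'] . '">'
         . '<figcaption>' . $image['title'] . '</figcaption>'
         . '</figure>';
}

// Hardened form: escape each value for the context it lands in.
//   esc_url()  for the src attribute (rejects unsafe schemes),
//   esc_attr() for attribute values (entity-encodes quotes and angle brackets),
//   esc_html() for element text content.
// Escaping at output time is the right layer: it does not depend on what
// was (or was not) filtered when the metadata was saved.
function render_gallery_item_safe(array $image): string {
    return '<figure>'
         . '<img src="' . esc_url($image['url']) . '"'
         . ' alt="' . esc_attr($image['title']) . '">'
         . '<figcaption>' . esc_html($image['title']) . '</figcaption>'
         . '</figure>';
}

// Constructed sample input: an image whose title carries the advisory's
// test payload. With the hardened renderer the angle brackets are
// entity-encoded, so the browser shows the title as text instead of
// parsing it as a tag.
$image = [
    'url'   => 'https://example.invalid/wp-content/uploads/photo.jpg',
    'title' => '<img src onerror=alert(/XSS/)>',
];

echo render_gallery_item_safe($image), "\n";
```

A quick regression check for the gallery is to store a title like the one above and confirm the rendered page source contains only entity-encoded brackets in the alt attribute and caption.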
minhtuanact
SunCSR (Sun Cyber Security Research)
Yes
2020-12-19
2020-12-19
2021-01-20