WordPress Community Forum
WordPress Support => WordPress Vulnerability => Topic started by: Kailash on Jun 10, 2022, 05:21 AM
WordPress Gallery Bank plugin <= 4.0.50 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Media Upload Module
Plugin name: WordPress Gallery Bank plugin
Vulnerable versions: <= 4.0.50
Fixed in: N/A (This plugin has been closed as of December 9, 2021)
CVE ID: N/A
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-09
Vulnerability Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Media Upload Module discovered by Vishnupriya Ilango (Fortinet FortiGuard Labs) in WordPress Gallery Bank plugin (versions <= 4.0.50).
Solution
Deactivate and delete. This plugin has been closed as of December 9, 2021 and is not available for download. Reason: Security Issue.
Plugin Link: This plugin has been closed as of December 9, 2021.