WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress Gallery plugin 2.0.0, which stems from a failure to clean up and escape parameters before outputting them back to the response of an AJAX operation. An attacker could use this vulnerability to inject JavaScript and perform a reflective XSS attack.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress gallery plugin | lt | 2.0.0 |