2 matches found
CVE-2025-14796
CVE-2025-14796 (My Album Gallery, WordPress) is a stored XSS via image title in My Album Gallery ≤ 1.0.4. Root cause: insufficient input sanitization and output escaping for the attachment->title attribute. Exploitation requires authenticated access at Author level or higher, enabling script i...
WordPress My Album Gallery plugin <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Image Title vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin My Album Gallery versions = 1.0.4...