CVE-2025-14453

The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'stylecss' shortcode attribute in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-14453 My Album Gallery <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style_css' Shortcode Attribute

The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'stylecss' shortcode attribute in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-14453

CVE-2025-14453 affects the My Album Gallery WordPress plugin. A stored XSS exists via the style_css shortcode attribute in all versions up to 1.0.4 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (Contributor level or higher) and affects page...

WordPress My Album Gallery plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style_css' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'stylecss' Shortcode Attribute vulnerability discovered by WordFence in WordPress Plugin My Album Gallery versions = 1.0.4...