The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
6.1CVSS
6.1AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays β Responsive Image Gallery plugin <= 5.1.3 versions.
7.1CVSS
5.9AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays β Responsive Image Gallery plugin <= 5.2.6 versions.
8.8CVSS
8.8AI Score
0.001EPSS