CVE-2022-1946
The WordPress Gallery plugin before 2.0.0 contains a reflected Cross-Site Scripting vulnerability in which a parameter is not sanitized/escaped before being echoed in the AJAX response. The issue is exploitable via an AJAX action accessible to both unauthenticated and authenticated users, potenti...