A stored XSS vulnerability exists in the version of the plugin 1.7.6. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary javascript code into the plugin gallery image which is viewed by other users.
CPE | Name | Operator | Version |
---|---|---|---|
envira-gallery-lite | lt | 1.7.7 |