Gallery – Photo Albums Plugin, CVE-2015-7386

CVE, Research URL: CVE-2015-7386
Home page URL: Security reports for Gallery – Photo Albums Plugin
Application: Gallery – Photo Albums Plugin
Published on: Sep 28, 2015
Research Description: Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Media Subtitle fields.
Affected versions: Min -, max 1.3.03.
Status: vulnerable