Description

WordPress Plugin Lazyest Gallery is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress Plugin Lazyest Gallery version 1.1.20 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.1.21 or latest

References

http://codalabs.net/cla-2014-002

http://secunia.com/advisories/57746/

Related Vulnerabilities

WordPress Plugin Custom Field Template Cross-Site Request Forgery (2.5.1)

Jenkins Incorrect Authorization Vulnerability (CVE-2023-27903)

WordPress Plugin Management App for WooCommerce-Order notifications, Order management, Lead management, Uptime Monitoring Unspecified Vulnerability (1.2.3)

WordPress Plugin My WordPress Login Logo Multiple Unspecified Vulnerabilities (2.1)

WordPress Plugin Easy Digital Downloads Attach Accounts to Orders Cross-Site Scripting (2.0.1)

Severity

High

Classification

CVE-2014-2333 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update XSS