Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and previous versions for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
photo gallery plugin project photo gallery plugin 1.1.30 |