Multiple XSS vulnerabilities in the Final Tiles Gallery plugin prior to 3.4.19 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
machothemes image photo gallery final tiles grid |