CVE-2021-24126 Information

Description

The Envira Gallery Lite WordPress plugin in versions before 1.8.3.3 did not validate input or encode output for image metadata (namely the title) before rendering it in the generated gallery, which could lead to privilege escalation.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://wpscan.com/vulnerability/f3952bd1-ac2f-4007-9e19-6c44a22465f3

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM
