CVE-2023-28666 Information

Description

The InPost Gallery WordPress plugin in versions < 2.2.2 is affected by a reflected cross-site scripting vulnerability in the ‘imgurl’ parameter to the add_inpost_gallery_slide_item action which can only be triggered by an authenticated user.

Reference

https://www.tenable.com/security/research/tra-2023-3 The InPost Gallery WordPress plugin in versions < 2.2.2 is affected by a reflected cross-site scripting vulnerability in the ‘imgurl’ parameter to the add_inpost_gallery_slide_item action which can only be triggered by an authenticated user.