CVE-2026-4766 in devrix Easy Image Gallery Plugin
Summary (English)
The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insufficient input sanitization and output escaping on user-supplied gallery shortcode values. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Responsible
Wordfence
Reserved
2026. 03. 24.
Disclosure
2026. 03. 25.
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 352905 | devrix Easy Image Gallery Plugin Shortcode cross-site scripting | 79 | Not defined | Official fix | CVE-2026-4766 |