In Paged Gallery plugin for WordPress versions up to and including 0.7 a medium severity vulnerability CVE-2025-5686 was detected. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject malicious scripts via the gallery shortcode due to insufficient input sanitization and output escaping. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5686.
WordPress: Stored XSS via gallery Shortcode in Paged Gallery Plugin
by the Hossted team
06.06.2025