{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4766", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-03-24T12:52:49.026Z", "datePublished": "2026-03-25T01:25:06.425Z", "dateUpdated": "2026-04-08T17:30:19.810Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:30:19.810Z"}, "affected": [{"vendor": "devrix", "product": "Easy Image Gallery", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.5.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insufficient input sanitization and output escaping on user-supplied gallery shortcode values. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Easy Image Gallery <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Shortcode Post Meta", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7279f74-c2bd-4601-b8d5-0effe43705a5?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-image-gallery/trunk/includes/template-functions.php#L240"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-image-gallery/tags/1.5.3/includes/template-functions.php#L240"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}, {"lang": "en", "type": "finder", "value": "Itthidej Aramsri"}, {"lang": "en", "type": "finder", "value": "Waris Damkham"}], "timeline": [{"time": "2026-03-20T15:17:28.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T15:47:00.415700Z", "id": "CVE-2026-4766", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T15:47:08.675Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4766", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T15:47:00.415700Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T15:47:05.585Z"}}], "cna": {"title": "Easy Image Gallery <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Shortcode Post Meta", "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}, {"lang": "en", "type": "finder", "value": "Itthidej Aramsri"}, {"lang": "en", "type": "finder", "value": "Waris Damkham"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "devrix", "product": "Easy Image Gallery", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.5.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-03-20T15:17:28.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7279f74-c2bd-4601-b8d5-0effe43705a5?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-image-gallery/trunk/includes/template-functions.php#L240"}, {"url": "https://plugins.trac.wordpress.org/browser/easy-image-gallery/tags/1.5.3/includes/template-functions.php#L240"}], "descriptions": [{"lang": "en", "value": "The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insufficient input sanitization and output escaping on user-supplied gallery shortcode values. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:30:19.810Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4766", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:30:19.810Z", "dateReserved": "2026-03-24T12:52:49.026Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-25T01:25:06.425Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insufficient input sanitization and output escaping on user-supplied gallery shortcode values. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El plugin Easy Image Gallery para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del campo meta de la publicaci\u00f3n del shortcode de Galer\u00eda en todas las versiones hasta la 1.5.3, inclusive. Esto se debe a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes en los valores del shortcode de galer\u00eda proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel Colaborador o superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."}], "id": "CVE-2026-4766", "lastModified": "2026-04-24T16:32:53.997", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-25T02:16:06.137", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/easy-image-gallery/tags/1.5.3/includes/template-functions.php#L240"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/easy-image-gallery/trunk/includes/template-functions.php#L240"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e7279f74-c2bd-4601-b8d5-0effe43705a5?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.5.3]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Easy Image Gallery", "source": "cna", "vendor": "devrix"}, "product": "easy_image_gallery", "vendor": "devrix"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-25T02:51:28.563495+00:00", "value": {"mitigation_remediation": ["Apply the latest Easy Image Gallery plugin version that removes the XSS vulnerability.", "If an update cannot be performed immediately, disable or delete the plugin until a safe release is available.", "Reduce the number of users assigned the Contributor role or create a custom role with fewer capabilities for gallery management.", "Deploy a web\u2011application firewall rule that blocks or sanitizes script payloads targeting the gallery shortcode field."], "summary": {"action": "Immediate Patch", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "WordPress sites that have the Easy Image Gallery plugin delivered by devrix, version 1.5.3 or any earlier release, are affected by this vulnerability.", "description_and_impact": "The Easy Image Gallery WordPress plugin contains a stored cross\u2011site scripting flaw in the gallery shortcode post metadata field because user\u2011supplied shortcode values are not properly sanitized or escaped. Attacks are limited to authenticated users with Contributor role or higher, who can insert arbitrary JavaScript into the shortcodes. When a page containing the infected shortcode is viewed, the malicious script runs in the visitor\u2019s browser, enabling data theft, defacement, or session hijacking.", "risk_and_exploitability": "The flaw carries a CVSS score of 6.4, indicating moderate severity. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated Contributor or higher, making the attack vector more limited but still feasible if privileged accounts are present. Attackers can deliver the payload via gallery shortcode insertion, and compromise occurs when victims load a page rendering the malicious shortcode, allowing the attacker to execute scripts in the victim\u2019s browser context."}}}}, "created": "2026-03-25T11:35:44.141408+00:00", "updated": "2026-03-25T21:16:00.491419+00:00", "vendors": ["devrix", "devrix$PRODUCT$easy_image_gallery", "wordpress", "wordpress$PRODUCT$wordpress"]}