CVE-2020-9334

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in the Envira Photo Gallery plugin for WordPress, affecting versions through 1.7.6 [1]. The flaw allows an authenticated attacker with low privileges to inject arbitrary JavaScript code into gallery entries, which is then stored and executed when other users view the affected gallery pages.

Exploitation

An attacker must have an authenticated WordPress account with at least contributor-level access to create or edit gallery entries. The attacker injects malicious JavaScript into a gallery field that is not properly sanitized by the plugin. When any other user (including administrators) visits the page containing the malicious gallery, the injected script executes in their browser context.

Impact

Successful exploitation results in execution of arbitrary JavaScript in the context of the victim's browser. This can lead to session hijacking, theft of authentication cookies, defacement of the site, or redirection to malicious sites. The attacker does not need elevated privileges beyond a low-level authenticated role.

Mitigation

The vulnerability is patched in version 1.7.7 and later [1]. Users should update the Envira Photo Gallery plugin to the latest version available (at least 1.7.7). No workaround is provided for versions prior to 1.7.7; the only mitigation is to upgrade. The plugin's current version is 1.12.5 as of the reference [1].