Description
The Gallery Styles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery Block in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2025-03-08
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting
Action: Patch
AI Analysis

Impact

An authenticated user with Contributor or higher access can insert arbitrary JavaScript into the Gallery Block of WordPress pages. The injected code executes in the browsers of any visitor who views the affected page, enabling session hijacking, cookie theft, or other client‑side attacks. The vulnerability stems from insufficient input sanitization and output escaping, a classic instance of CWE‑79. The impact directly compromises confidentiality and integrity of users interacting with the compromised content.

Affected Systems

The Gallery Styles plugin for WordPress, sold by kometschuh, is affected in all releases up to and including version 1.3.4. Any WordPress installation that has a vulnerable version of this plugin installed is at risk.

Risk and Exploitability

The vulnerability has a CVSS score of 6.4, indicating moderate risk. The EPSS score is below 1 %, suggesting a low probability of exploitation at present. It is not listed in the CISA KEV catalog. Exploitation requires authenticated access at the Contributor level or higher, implying that the attacker must first gain or be granted such privileges on the site. Once authenticated, the attacker can inject scripts through the Gallery Block, which are then stored and served to all users who view the page.

Generated by OpenCVE AI on April 20, 2026 at 23:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Gallery Styles plugin to the latest release that includes the XSS fix
  • If an upgrade is not immediately possible, limit Contributor-level access for users or configure the site to disable the Gallery Block in content editing
  • As a temporary measure, manually remove any suspicious or custom JavaScript from existing gallery blocks and sanitize user input

Generated by OpenCVE AI on April 20, 2026 at 23:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-7414 The Gallery Styles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery Block in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
History

Mon, 24 Mar 2025 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Tiptoppress
Tiptoppress gallery Styles
CPEs cpe:2.3:a:tiptoppress:gallery_styles:*:*:*:*:*:wordpress:*:*
Vendors & Products Tiptoppress
Tiptoppress gallery Styles

Tue, 11 Mar 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 08 Mar 2025 09:30:00 +0000

Type Values Removed Values Added
Description The Gallery Styles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery Block in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Title Gallery Styles <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}

Subscriptions

Tiptoppress Gallery Styles
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:21:48.151Z

Reserved: 2025-02-28T15:55:22.884Z

Link: CVE-2025-1783

cve-icon Vulnrichment

Updated: 2025-03-10T16:56:54.331Z

cve-icon NVD

Status : Analyzed

Published: 2025-03-08T10:15:11.647

Modified: 2025-03-24T18:10:03.760

Link: CVE-2025-1783

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T23:45:21Z

Weaknesses