Zero-Day Advisory
Fortinet Discovers WordPress Envira Photo Gallery Plugin Cross-Site Scripting Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a stored cross-site scripting (XSS) vulnerability in the WordPress Envira Photo Gallery plugin.
Envira is a popular drag & drop photo gallery plugin. It has over 100,000+ active installations and also offers a premium version of the plugin.
A stored XSS vulnerability exists in the version of the plugin 1.7.6. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary javascript code into the plugin gallery image which is viewed by other users.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:WordPress.Plugin.Envira.Photo.Gallery.Title.XSS
Released Feb 18, 2020
Users should apply the solution provided by Envira Gallery Team.
Timeline
Fortinet reported the vulnerability to Envira Gallery Team on February 13, 2020
Envira Gallery Team confirmed the vulnerability on February 14, 2020
Envira Gallery Team patched the vulnerability on February 17, 2020