Fortinet Discovers WordPress Envira Photo Gallery Plugin Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a stored cross-site scripting (XSS) vulnerability in the WordPress Envira Photo Gallery plugin.
Envira is a popular drag & drop photo gallery plugin. It has over 100,000 active installations and is also offered in a premium version.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Feb 18, 2020
Users should apply the solution provided by Envira Gallery Team.
Fortinet reported the vulnerability to Envira Gallery Team on February 13, 2020.
Envira Gallery Team confirmed the vulnerability on February 14, 2020.
Envira Gallery Team patched the vulnerability on February 17, 2020.