Meta-box GalleryMeta Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Meta-box GalleryMeta plugin for WordPress, affecting all versions up to and including 3.0.1. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with editor-level permissions or higher to inject arbitrary scripts into pages. These scripts are executed when a user accesses the affected page. This vulnerability is present only in multi-site installations where unfiltered_html has been disabled.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.

Reproduction

To reproduce this vulnerability, an authenticated user with editor-level permissions or higher can inject scripts through the admin settings of the Meta-box GalleryMeta plugin. The injected scripts will be executed when the corresponding page is accessed.