Report
The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users who have access to the gallery dashboard.
Score: 4.8
Severity: Medium
Version: 3.5.2
There is a patch available in v3.5.3 and we strongly recommend you update to this version as soon as possible.