We have patched this via a non-static version of the plugin. Updating the plugin to version 3.27.10 or higher resolves this issue. In addition, we have sanitised and escaped the following parameters for better security:

o_gallery_image – this is the main image slider control, where you can upload images from your media library and have them displayed in a slide-by-slide manner.

o_gallery_link – this is the main image slider control, where you can upload images from your media library and have them displayed in a link-by-link manner.

o_gallery_description – this is the main image slider control, where you can upload images from your media library and have them displayed in a description-by-description manner.

o_gallery_caption – this is the main image slider control, where you can upload images from your media library and have them displayed in a caption-by-caption manner.

o_gallery_extras – this is the main image slider control, where you can upload images from your media library and have them displayed in an array of image types (e.g. covers, banners).

o_gallery_random – this is the main image slider control, where you can upload images from your media library and have them displayed in a random order.

Solution to CVE-2022-2823

We have patched this via a non-static version of the plugin. Updating the plugin to version 3.27.10 or higher resolves this issue.

Timeline

Published on: 10/10/2022 21:15:00 UTC
Last modified on: 10/11/2022 18:09:00 UTC

References