CVE-2026-5361 | smub Envira Gallery Plugin up to 1.12.4 on WordPress REST API update_gallery_data arrows cross site scripting

A vulnerability classified as problematic was found in smub Envira Gallery Plugin up to 1.12.4 on WordPress. Affected by this issue is the function update_gallery_data of the component REST API. The manipulation of the argument arrows results in cross site scripting.

This vulnerability is cataloged as CVE-2026-5361. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More