CVE-2021-39313: 
WordPress vulnerability analysis and mitigation

The Simple Image Gallery WordPress plugin (versions up to and including 1.0.6) was identified with a Reflected Cross-Site Scripting vulnerability, tracked as CVE-2021-39313. The vulnerability was discovered by researcher p7e4 and was publicly disclosed on December 14, 2021. This security issue affects the Simple Responsive Image Gallery WordPress plugin, specifically through the msg parameter in the simple-image-gallery.php file (WPScan, CVE Mitre).

The vulnerability is classified as a Reflected Cross-Site Scripting (XSS) issue, with a CVSS score of 6.1 (Medium) and vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The security flaw is specifically located in the msg parameter within the ~/simple-image-gallery.php file, which allows attackers to inject arbitrary web scripts. This vulnerability falls under the OWASP Top 10 category A7: Cross-Site Scripting (XSS) and is classified as CWE-79 (Wordfence, WPScan).

The vulnerability enables attackers to inject arbitrary web scripts through the msg parameter, potentially leading to the compromise of user sessions, theft of sensitive information, or manipulation of website content. The CVSS scoring indicates low impacts on both confidentiality and integrity, with no impact on availability (Wordfence).

As of the vulnerability disclosure, no official patch has been released for this security issue. Users of the Simple Image Gallery WordPress plugin should consider either removing the plugin or implementing additional security controls to prevent XSS attacks (WPScan).