CVE-2022-1282: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the Photo Gallery WordPress plugin versions prior to 1.6.3. The vulnerability was identified on April 11, 2022, and was assigned CVE-2022-1282. The issue affects the Photo Gallery plugin by 10Web, which is a popular WordPress extension for creating mobile-friendly image galleries (WPScan).

The vulnerability stems from improper sanitization of the $_GET['image_url'] variable, which is reflected back to users when executing the editimage_bwg AJAX action. The vulnerability has been classified as CWE-79 and received a CVSS score of 6.1 (medium severity). The issue was discovered and reported by ZhongFu Su(JrXnm) of Wuhan University (WPScan).

This reflected XSS vulnerability could allow attackers to execute malicious scripts in the context of other users' browsers, potentially leading to theft of sensitive information, session hijacking, or other client-side attacks (WPScan).

The vulnerability has been fixed in version 1.6.3 of the Photo Gallery plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).