CVE-2024-10102: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2024-10102) affects the Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin versions before 3.2.22. The vulnerability was discovered and disclosed in December 2024, impacting the gallery settings functionality of the plugin. The issue allows high-privilege users, such as contributors, to perform Stored Cross-Site Scripting (XSS) attacks due to insufficient sanitization and escaping of gallery settings (WPScan).

The vulnerability stems from improper sanitization and escaping of gallery settings within the plugin. The CVSS v3.1 base score is 2.7 (LOW) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N. The issue specifically affects the gallery settings functionality where certain fields, such as the 'Padding Left' parameter, can be manipulated to inject malicious JavaScript code (WPScan).

When exploited, this vulnerability allows authenticated users with contributor-level privileges or higher to store and execute malicious JavaScript code through the gallery settings. The stored XSS payload gets triggered when other users interact with the affected gallery elements, potentially compromising their browsing sessions (WPScan).

The vulnerability has been patched in version 3.2.22 of the Photo Gallery, Images, Slider in Rbs Image Gallery plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).