CVE-2024-10875: 
WordPress vulnerability analysis and mitigation

The Gallery Manager plugin for WordPress contains a Reflected Cross-Site Scripting vulnerability (CVE-2024-10875) that affects all versions up to and including 1.6.58. The vulnerability was discovered and disclosed on November 15, 2024 (NVD).

The vulnerability stems from improper use of remove_Query_Arg function without appropriate URL escaping in the plugin. This implementation flaw has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility with low attack complexity and no privileges required (Wordfence).

The vulnerability allows unauthenticated attackers to inject arbitrary web scripts that execute when users perform specific actions, such as clicking on malicious links. This could lead to the compromise of user sessions and potential data exposure (NVD).

Users of the Gallery Manager WordPress plugin should update to a version newer than 1.6.58 once available. Until then, website administrators should implement additional security controls and monitor for suspicious activities (NVD).