Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
XSS
WordPress
Lazyest Gallery
NVD
VulDB
CVSS 2.0
2.6
EPSS
0.5%