Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Network-reachable reflected XSS needs no attacker auth (PR:N) but requires victim to open a crafted link (UI:R); script escapes component trust boundary (S:C) with limited C/I/A impact.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Rossiter Document Gallery document-gallery allows Reflected XSS.This issue affects Document Gallery: from n/a through <= 5.1.0.
AnalysisAI
Reflected cross-site scripting in the Dan Rossiter Document Gallery WordPress plugin (all versions up to and including 5.1.0) lets an unauthenticated attacker inject script into a reflected response that executes in a victim's browser when they follow a crafted link. Because the CVSS scope is changed, the injected script can affect resources beyond the vulnerable component (e.g., the surrounding WordPress session context). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that a victim with an active session on the target WordPress site clicks or loads an attacker-crafted link targeting the Document Gallery plugin's reflected parameter (UI:R in the CVSS vector), so it is not fully automatable and cannot be triggered server-side without a lured user. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 7.1 (High) with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L: network-reachable, low complexity, no privileges, but requiring user interaction (the victim must open a crafted link), with limited confidentiality, integrity and availability impact amplified by a scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a URL pointing at the vulnerable WordPress site with a malicious script payload embedded in a parameter handled by Document Gallery, then delivers it via phishing email, forum post, or social media. When a logged-in administrator or visitor clicks the link, their browser reflects and executes the script in the site's context, allowing session/cookie theft or actions on the victim's behalf. … |
| Remediation | No vendor-released patched version is named in the available data, so treat the primary action as upgrading to any release later than 5.1.0 once the maintainer publishes a fixed build, and monitor the Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/document-gallery/vulnerability/wordpress-document-gallery-plugin-5-1-0-cross-site-scripting-xss-vulnerability) and the plugin's WordPress.org listing for that release. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, audit all WordPress installations to identify Dan Rossiter Document Gallery plugin versions 5.1.0 and earlier; disable or remove the plugin immediately if not operationally critical. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43356