CVE-2020-35582

A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt