All Wordfence users, including users of our Free, Premium, Care, and Response products are protected from exploits targeting this vulnerability thanks to the Wordfence Firewall’s built-in Cross-Site Scripting (XSS) protection.
We attempted to reach out to the developer day on November 11, 2021, the same day we discovered the vulnerability. We never received a response after a couple of follow-ups so we sent the full details to the WordPres.org plugins team on November 20, 2021. The plugin was fully patched on January 14, 2022.
We strongly recommend ensuring that your site has been updated to the latest patched version of “Photoswipe Masonry Gallery”, which is version 1.2.18 at the time of this publication.
Description: Authenticated Stored Cross-Site Scripting
Affected Plugin: Photoswipe Masonry Gallery
Plugin Slug: photoswipe-masonry
Plugin Developer: Web Design