CVE-2026-57755
Deferred - Pending Action

Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Contributor Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery <= 1.2.0 versions.

Meta Information

Published: 2026-07-02
Last Modified: 2026-07-02
Generated: 2026-07-02
AI Q&A: 2026-07-02
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE
Vendor | Product | Version / Range
patchstack | mosaic_gallery_advanced_gallery | to 1.2.0 (inc)

Exploitability

CWE ID | Description
CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Executive Summary

This vulnerability is a Cross Site Scripting (XSS) issue found in the WordPress Mosaic Gallery – Advanced Gallery Plugin version 1.2.0 or lower.

It allows attackers to inject malicious scripts into websites by exploiting the plugin, potentially through user interaction such as clicking a malicious link or visiting a crafted page.

The vulnerability is categorized under OWASP Top 10 A3: Injection and has a low severity impact with a CVSS score of 6.5.

Impact Analysis

Exploitation of this vulnerability can allow attackers to inject malicious scripts into your website.

  • These scripts could perform unwanted redirects.
  • They could display unauthorized advertisements.

Successful exploitation requires user interaction, such as clicking a malicious link or visiting a crafted page.

The overall risk is considered low, but it can still compromise the integrity and user experience of your website.

Mitigation Strategies

Immediate action is recommended to mitigate this vulnerability.

  • Update the Mosaic Gallery – Advanced Gallery plugin to a version higher than 1.2.0 if available.
  • If no official patch is available, seek assistance from your hosting provider or a web developer to apply custom mitigations.
