Attention WordPress website owners using the Gallery Bank plugin: Your website’s security may be at risk! A high-severity Cross-Site Scripting (XSS) vulnerability has been identified, potentially exposing your website to malware threats and other security risks.

The security flaw was discovered and responsibly reported by Rafie Muhammad of Patchstack, highlighting the importance of security researchers in ensuring a secure WordPress environment.


This XSS vulnerability has been classified as high severity, reflecting its significant impact on your website’s security. With a CVSS 3.1 score of 7.1, the risk of exploitation is considerable.

Affected Versions:

If your website is running any version of the Gallery Bank plugin up to version 4.0.18, it is vulnerable to this security flaw. Immediate action is crucial to protect your website and your visitors from potential attacks.


By exploiting this vulnerability, malicious actors can inject harmful scripts, such as redirects, advertisements, or other HTML payloads, into your website. When unsuspecting guests visit your site, these malicious scripts are executed, potentially leading to harmful consequences.


To fortify your website’s defenses and mitigate potential threats, immediate action is imperative:

  1. Update to the Latest Version: Update the WordPress Gallery Bank plugin to version 4.0.19 or higher without delay. The latest version contains essential patches to eliminate the XSS vulnerability and bolster overall plugin security.
  2. Regular Security Audits: Conduct regular security audits of your WordPress website to identify and address potential vulnerabilities proactively.
  3. Educate Your Team: Educate your website administrators and staff about WordPress security best practices to prevent security breaches.
  4. Monitor for Updates: Stay informed about the latest security updates and advisories from the Gallery Bank plugin developers. Regularly check for plugin updates and apply them promptly.

In the realm of WordPress security, proactive measures are indispensable to protect against emerging threats and potential WordPress vulnerability exploits. By staying vigilant and promptly addressing vulnerabilities like this XSS flaw, you establish a resilient WordPress security posture and enhance user trust.