# Exploit Title: WordPress Plugin Picture Gallery 1.4.2 - 'Edit Content URL' Stored Cross-Site Scripting (XSS)
# Date: 2021-08-06
# Exploit Author: Aryan Chehreghani
# Software Link: https://wordpress.org/plugins/picture-gallery/
# Version: 1.4.2
# Tested on: Windows 10
How to Reproduce this Vulnerability:
1. Install WordPress 5.8
2. Install and activate Picture Gallery - Frontend Image Uploads, AJAX Photo List
3. Navigate to admin menu wrap >> Picture Gallery >> Options >> Access Control Tab >> enter the XSS payload into the Edit Content URL input field.
4. Click Save Changes.
6. Payload Used: "><script>alert(document.cookie)</script>