Title: Security Issue
Last modified: December 26, 2023

---

# Security Issue

 *  [Jim Hill](https://wordpress.org/support/users/jimhill10/)
 * (@jimhill10)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/security-issue-157/)
 * The plugin has a security issue per:
 * [Exifography <= 1.3.1 – Authenticated (Administrator+) Stored Cross-Site Scripting (wordfence.com)](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/thesography/exifography-131-authenticated-administrator-stored-cross-site-scripting)
 * “The Exifography plugin for WordPress is vulnerable to Stored Cross-Site Scripting
   in versions up to, and including, 1.3.1 due to insufficient input sanitization
   and output escaping. This makes it possible for authenticated attackers, with
   administrator-level access and above, to inject arbitrary web scripts in pages
   that will execute whenever a user accesses an injected page. This only impacts
   multi-site installations and installations where unfiltered_html has been disabled.”

The topic ‘Security Issue’ is closed to new replies.

 * 0 replies
 * 1 participant
 * Last reply from: [Jim Hill](https://wordpress.org/support/users/jimhill10/)
 * Last activity: [2 years, 5 months ago](https://wordpress.org/support/topic/security-issue-157/)
 * Status: not resolved