This vulnerability (CVE-2024-29769) in the Portfolio Gallery – Image Gallery Plugin is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), specifically a stored cross-site scripting (XSS) issue. It affects versions through 1.5.6 and allows an attacker with at least low privileges and requiring user interaction to inject malicious scripts that can execute in the context of other users. The CVSS 3.1 vector indicates network attack vector, low attack complexity, low privileges required, user interaction required, and impacts confidentiality, integrity, and availability at a low level. No official fix or patch has been disclosed at this time.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the affected application, potentially leading to information disclosure, modification of data, or disruption of service. The impact is rated as medium severity with limited confidentiality, integrity, and availability impacts. There are no known active exploits reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should consider restricting privileges to trusted users and be cautious with user-generated content. Monitor official sources for updates and apply any official fixes promptly once released.