762 matches found
CVE-2010-1186
The CVE-2010-1186 entry documents a Cross-Site Scripting (XSS) vulnerability in the NextGEN Gallery WordPress plugin. Affected component: xml/media-rss.php; vulnerable until version 1.5.2 where the mode parameter is reflected without proper escaping, enabling remote attackers to inject arbitrary ...
Directory traversal
Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the bookid parameter. NOTE: some of these details are obtained from third...