39 matches found
GRAND FlAGallery 1.57 - Cross-Site Scripting
A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. id: CVE-2011-4624 info: name: GRAND FlAGallery 1.57 - Cross-Site Scripting...
EUVD-2011-4547
Malware in sbrugna...
EUVD-2013-3198
Malware in sbrugna...
CVE-2021-24903
The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2013-3261
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action...
WordPress GRAND FlaGallery plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress GRAND FlaGallery plugin 6.1.2 and earlier versions have a cross-site scripting vulnerability that stems fr...
CVE-2021-24903
The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24903
The CVE-2021-24903 entry concerns the WordPress plugin GRAND FlaGallery (≤ 6.1.2). Affected component: gallery settings in the admin UI; root cause: insufficient sanitisation/escaping of certain settings, enabling Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_html is dis...
WordPress Grand FlaGallery plugin <= 6.1.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Tyler Miller in WordPress Grand FlaGallery plugin versions <= 6.1.2. Solution: Deactivate and delete. This plugin has been closed as of November 12, 2021 and is not available for download. Reason: Security Issue...
GRAND FlaGallery <= 6.1.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. Create/edit a gallery and put the following payload in the "Back Button Text" setting, then...
GRAND FlaGallery <= 6.1.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. PoC: Create/edit a gallery and put the following payload in the "Back Button Text" setting, th...
WordPress Grand Flagallery Plugin Information Disclosure Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in the PHP language; it supports setting up personal blog sites on PHP and MySQL servers. The Grand Flagallery plugin integrates photo gallery, video gallery and music albums in one of the media...
Design/Logic Flaw
The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php...
CVE-2014-8491
The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php...
CVE-2014-8491
The CVE-2014-8491 issue affects the Grand Flagallery WordPress plugin prior to version 4.25. Affected component: the plugin’s gallery-related scripts (flagallery-skins/banner_widget_default/gallery.php and flash-album-gallery/skins/banner_widget_default/gallery.php). Root cause: these endpoints c...
CVE-2014-8491
The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php...
Grand Flagallery <= 4.24 - Full Path Disclosure
The Album and Image Gallery with Lightbox – Flagallery Photo Portfolio WordPress plugin was affected by a Full Path Disclosure security vulnerability...
WordPress EWWW Image Optimizer 2.0.1 Cross Site Scripting
Advisory ID: HTB23234 Product: EWWW Image Optimizer WordPress plugin Vendor: Shane Bishop Vulnerable Versions: 2.0.1 and probably prior Tested Version: 2.0.1 Advisory Publication: September 17, 2014 without technical details Vendor Notification: September 17, 2014 Vendor Patch: September 24, 2014...
CVE-2011-4624
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter...