5 matches found
WordPress Gallery from files plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.Gallery from files is a plugin for WordPress. A cross-site scripting vulnerability exists in WordPress Gallery from...
PT-2021-15885 · WordPress · This Gallery From Files
Name of the Vulnerable Software and Affected Versions: This Gallery from files WordPress plugin versions 1.6.0 and earlier Description: The issue arises from the improper sanitization of filenames before being output in an error message when they have an invalid extension, leading to a reflected...
Gallery From Files <= 1.6.0 - Reflected Cross-Site Scripting (XSS)
This plugin gives us the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also b...
Gallery From Files <= 1.6.0 - Unauthenticated RCE
The upload feature of the plugin does not properly check for the allowed extensions, allowing them to be set in the request and attempting to remove the dangerous ones such as .php and .js, but forgetting about .php4, .html etc. As a result, unauthenticated users could upload arbitrary .php4 file...
WordPress Gallery from files plugin <= 1.60 - Unauthenticated Remote Code Execution (RCE) vulnerability
Unauthenticated Remote Code Execution RCE vulnerability discovered by WPScanTeam in WordPress Gallery from files plugin versions = 1.60. Solution This plugin has been closed as of May 24, 2021 and is not available for download. This closure is temporary, pending a full review...