2 matches found
CVE-2015-4133
CVE-2015-4133 concerns the ReFlex Gallery WordPress plugin (affected version: before 3.1.4). The issue is an unrestricted file upload in admin/scripts/FileUploader/php.php, allowing an attacker to upload a PHP file and access it via uploads/ to execute arbitrary code remotely. The root cause is i...
CVE-2013-7482
The CVE-2013-7482 entry concerns the Reflex Gallery WordPress plugin, with the affected component being the reflex-gallery plugin for WordPress. Multiple connected sources confirm a cross-site scripting (XSS) vulnerability present in versions prior to 1.4.3. The Red Hat entry and CNVD/CVE records...