Codeasily Grand Flagallery vulnerabilities
3 known vulnerabilities affecting codeasily/grand_flagallery.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2011-4624P4MEDIUMCVSS 4.3PoC≤ 1.562014-10-01
CVE-2011-4624 [MEDIUM] CWE-79 CVE-2011-4624: Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
nvd
CVE-2014-8491P4MEDIUMCVSS 5.3≤ 4.242017-10-18
CVE-2014-8491 [MEDIUM] CWE-200 CVE-2014-8491: The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installa
The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php.
nvd
CVE-2021-24903P4MEDIUMCVSS 4.8≤ 6.1.22022-02-28
CVE-2021-24903 [MEDIUM] CWE-79 CVE-2021-24903: The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery
The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.
nvd