Codeasily » Grand Flagallery : Security Vulnerabilities, CVEs,

CVE-2021-24903

The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.
Max CVSS
4.8
EPSS Score
0.06%
Published
2022-02-28
Updated
2022-03-07

CVE-2014-8491

The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php.
Max CVSS
5.3
EPSS Score
0.17%
Published
2017-10-18
Updated
2017-11-08

CVE-2011-4624

Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
Max CVSS
4.3
EPSS Score
0.43%
Published
2014-10-01
Updated
2018-10-09
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close