Cross-Site Scripting Vulnerability in GRAND FlAGallery Plugin for WordPress

CVE-2011-4624

Summary

The GRAND FlAGallery plugin for WordPress, specifically in the facebook.php file, has a Cross-Site Scripting (XSS) vulnerability. This issue arises when the 'i' parameter is not properly sanitized, allowing remote attackers to inject arbitrary web scripts or HTML code. This could lead to various malicious activities, including unauthorized actions on behalf of users and data theft. Users are advised to update to version 1.57 or later to mitigate this vulnerability.

References