Cross-Site Scripting Vulnerability in GRAND FlAGallery Plugin for WordPress
CVE-2011-4624

Currently unrated

Key Information:

Vendor

Wordpress
Status
Grand Flagallery
Vendor
CVE Published:
1 October 2014

What is CVE-2011-4624?

The GRAND FlAGallery plugin for WordPress, specifically in the facebook.php file, has a Cross-Site Scripting (XSS) vulnerability. This issue arises when the 'i' parameter is not properly sanitized, allowing remote attackers to inject arbitrary web scripts or HTML code. This could lead to various malicious activities, including unauthorized actions on behalf of users and data theft. Users are advised to update to version 1.57 or later to mitigate this vulnerability.

References

http://archives.neohapsis.com/archives/bugtraq/2011-12/01...
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/520691/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://wordpress.org/extend/plugins/flash-album-gallery/c...
x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.