ThreatPress

WordPress Vulnerabilities Database

WordPress GRAND FlAGallery Plugin <= 2.71 - XSS

Product
Grand Flagallery
Description
This vulnerability in wp-admin/admin.php allows attackers to inject arbitrary web script or HTML via the "s" parameter in a flag-manage-gallery action.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2013-3261
Versions
Affected In <= 2.71
Fixed In 2.72
Disclosure date
2013-04-22