WordPress 1 Flash Gallery Plugin 0.2.5 - Cross-Site Scripting and SQL Injection

1-flash-gallery

Software: 1 Flash Gallery
Versions: <= 0.2.5
Disclosure date: 2011-03-08
CVE: CVE-N/A
References
Classification: Multiple Vulnerabilities
OWASP Top 10

Details

The 1 Flash Gallery plugin is prone to SQL injection and cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow attackers to modify data, compromise access and the application, exploit hidden vulnerabilities in the underlying database, or steal cookie-based authentication credentials.

Solution

Update the plugin.
