CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7482 – ReFlex Gallery < 1.4.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-7482
22 Aug 2019 — The reflex-gallery plugin before 1.4.3 for WordPress has XSS. El plugin reflex-gallery anterior a 1.4.3 para WordPress tiene XSS. The reflex-gallery plugin before 1.4.3 for WordPress has XSS via Edit Content URL field. • https://wordpress.org/plugins/reflex-gallery/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 62%CPEs: 1EXPL: 3CVE-2015-4133 – ReFlex Gallery » WordPress Photo Gallery < 3.1.4 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2015-4133
16 Mar 2015 — Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory. Vulnerabilidad de la subida de ficheros sin restricciones en admin/scripts/FileUploader/php.php en el plugin ReFlex Gallery anterior a 3.1.4 para WordPress permite a atacantes remotos ejecutar código PHP arbit... • https://www.exploit-db.com/exploits/36809 • CWE-434: Unrestricted Upload of File with Dangerous Type •