CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

The reflex-gallery plugin before 1.4.3 for WordPress has XSS via the Edit Content URL field.
• https://wordpress.org/plugins/reflex-gallery/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 83% • CPEs: 1 • EXPL: 4

Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the uploads/ directory.
• https://www.exploit-db.com/exploits/36809
• http://osvdb.org/show/osvdb/88853
• http://packetstormsecurity.com/files/130845
• http://packetstormsecurity.com/files/131515
• http://www.securityfocus.com/bid/57100
• https://wordpress.org/plugins/reflex-gallery/changelog
• https://wpvulndb.com/vulnerabilities/7867
• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/wp_reflexgallery_file_upload.rb
• CWE-434: Unrestricted Upload of File with Dangerous Type