2 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The reflex-gallery plugin before 1.4.3 for WordPress has XSS. El plugin reflex-gallery anterior a 1.4.3 para WordPress tiene XSS. The reflex-gallery plugin before 1.4.3 for WordPress has XSS via Edit Content URL field. • https://wordpress.org/plugins/reflex-gallery/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 84%CPEs: 1EXPL: 3

Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory. Vulnerabilidad de la subida de ficheros sin restricciones en admin/scripts/FileUploader/php.php en el plugin ReFlex Gallery anterior a 3.1.4 para WordPress permite a atacantes remotos ejecutar código PHP arbitrario mediante la subida de un fichero con una extensión PHP, posteriormente accediendo a ello a través de una solicitud directa al fichero en el directorio uploads/. • https://www.exploit-db.com/exploits/36809 http://osvdb.org/show/osvdb/88853 http://packetstormsecurity.com/files/130845 http://packetstormsecurity.com/files/131515 http://www.securityfocus.com/bid/57100 https://wordpress.org/plugins/reflex-gallery/changelog https://wpvulndb.com/vulnerabilities/7867 - • CWE-434: Unrestricted Upload of File with Dangerous Type •