Vulnerabilities > Codeasily
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-16 | CVE-2022-0873 | Cross-site Scripting vulnerability in Codeasily Gmedia Gallery The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed | 3.5 |
| 2022-02-28 | CVE-2021-24903 | Cross-site Scripting vulnerability in Codeasily Grand Flagallery The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
| 2017-10-18 | CVE-2014-8491 | Information Exposure vulnerability in Codeasily Grand Flagallery 1.56 The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php. | 5.0 |
| 2014-10-01 | CVE-2011-4624 | Cross-Site Scripting vulnerability in Codeasily Grand Flagallery 1.56 Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. | 4.3 |