Vulnerabilities > Codeasily > Grand Flagallery
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-28 | CVE-2021-24903 | Unspecified vulnerability in Codeasily Grand Flagallery The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
| 2017-10-18 | CVE-2014-8491 | Information Exposure vulnerability in Codeasily Grand Flagallery 1.56 The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php. | 5.3 |