CVE-2013-3261
WordPress GRAND FlAGallery <2.72 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action.
Scores
EPSS
0.0027
EPSS Percentile
50.3%
Details
CWE
CWE-79
Status
published
Products (50)
photogallerycreator/flash-album-gallery
< 2.71
photogallerycreator/flash-album-gallery
photogallerycreator/flash-album-gallery
photogallerycreator/flash-album-gallery
photogallerycreator/flash-album-gallery
photogallerycreator/flash-album-gallery
photogallerycreator/flash-album-gallery
photogallerycreator/flash-album-gallery
photogallerycreator/flash-album-gallery
photogallerycreator/flash-album-gallery
... and 40 more
Published
Jun 01, 2013
Tracked Since
Feb 18, 2026