wp-plugin : fixedly – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : fixedly


Affected Version : 1.3.1 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Anant Shrivastava



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :



Vulnerable Parameter : template_id


Type of XSS : Reflected
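
Mitigation sketch for a reflected parameter of this kind, as an added example that is not the plugin's code and not part of the original advisory: validate `template_id` against the nine template ids listed in the plugin description, then escape at output. The function and constant names are hypothetical, and `htmlspecialchars()` stands in for WordPress's `esc_attr()` so the snippet runs outside WordPress.

```php
<?php
// Added example: allow-list handling for a reflected request parameter.
// Function and constant names are hypothetical, not taken from the plugin.

// Template ids and names as listed in the plugin's readme options.
const FMG_TEMPLATES = [
    1 => 'default',
    2 => 'default_thumbnails',
    3 => 'content_left',
    4 => 'content_right',
    5 => 'content_top',
    6 => 'content_bottom',
    7 => 'content_left_thumbnails',
    8 => 'content_right_thumbnails',
    9 => 'gallery',
];

/** Return a valid template id, falling back to 1 for anything else. */
function fmg_safe_template_id($raw): int
{
    // Arrays (template_id[]=x) and other non-scalars are rejected outright.
    if (!is_scalar($raw)) {
        return 1;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 9]]);
    return ($id === false) ? 1 : $id;
}

/** Render a hidden field; the value is validated first and escaped at output. */
function fmg_render_template_field($raw): string
{
    $id   = fmg_safe_template_id($raw);
    $name = FMG_TEMPLATES[$id];
    // In WordPress, esc_attr() is the usual helper; htmlspecialchars() keeps
    // this example runnable outside WordPress.
    return sprintf(
        '<input type="hidden" name="template_id" value="%s" data-template="%s">',
        htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed sample inputs: a valid id, markup, an out-of-range id, an array.
foreach (['4', '"><b>x</b>', '42', ['x']] as $sample) {
    echo fmg_render_template_field($sample), PHP_EOL;
}
```

Only the first sample keeps its value; the other three fall back to template 1, so no request-supplied markup reaches the page.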


Disclosure Timeline


Vendor Contacted : 2014-01-04

Plugin Status : Closed
Public Disclosure : July 7, 2014
CVE Number : Not assigned yet

Plugin Description :
Fixedly Media Gallery is a WordPress plugin that can help you create and integrate, easily and quickly, your next video, image or slideshow gallery into your pages and posts. Within 3 easy steps you can create and insert a gallery to your next post.
Check out our [Screencast page](http://www.fixedly.net/screencasts/ "Screencast page") to learn more on how to use the plugin.

Be sure that you have `` function included into your WordPress theme header file otherwise the Fixedly Media Gallery won't work.

= Shortag =


= Options =

* *id* - the ID of the gallery you want to insert (**required**)
* *template_id* - overwrite the default gallery template (optional)

(e.g. if you would like to have same gallery on different pages with different template style)

1 - default, 2 - default_thumbnails, 3 - content_left, 4 - content_right, 5 - content_top, 6 - content_bottom, 7 - content_left_thumbnails, 8 - content_right_thumbnails, 9 - gallery

= Examples =

`[fixedly-media-gallery id="1"]`
`[fixedly-media-gallery id="1" template_id="4"]`

= PHP Code =

Here is the code if you want to add the gallery directly into your PHP templates.


Another way to add gallery into your PHP templates is by using the `` function.

