Really Simple Gallery

13 Mar 2017

Cross-Site Request Forgery (CSRF)/Arbitrary File Upload Vulnerability in Really Simple Gallery

While looking in to a report of a reflected cross-site scripting vulnerability in the plugin Really Simple Gallery we noticed that there is also cross-site request forgery (CSRF)/arbitrary file upload vulnerability in it.

When uploading a file through the plugin’s settings page there is no check for a valid nonce to protect against CSRF, as seen in the file /reallysimplegallery.php starting on line 90: [Read more]

27 Feb 2017

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Really Simple Gallery

Two weeks ago a user, yuyang998, on the wordpress.org Support Forum disclosed that the plugin Really Simple Gallery has a reflected cross-site scripting (XSS) vulnerability. On the thread for one of their others disclosures, we asked if they would be disclosing the details of them somewhere and didn’t get an answer in their response, so we will go ahead and provide the details of what appears to be the vulnerability that they were referring to.

…

[Read more]

Plugin Vulnerabilities

A service to protect your site against vulnerabilities in WordPress plugins.

Tag Archives: Really Simple Gallery

Cross-Site Request Forgery (CSRF)/Arbitrary File Upload Vulnerability in Really Simple Gallery

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Really Simple Gallery