Tyler Miller

**Name of the Vulnerable Software and Affected Versions** GRAND FlaGallery WordPress plugin versions 6.1.2 and earlier **Description** The issue concerns the lack of proper sanitization and escaping of certain gallery settings, potentially allowing high-privilege users to perform Cross-Site scripting attacks, even when the unfiltered html capability is disallowed. **Recommendations** For GRAND FlaGallery WordPress plugin versions 6.1.2 and earlier, update to a version that properly sanitizes and escapes gallery settings to prevent Cross-Site scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 13.1.0.6 Description: The issue allows unauthenticated attackers to perform SQL injection attacks and obtain a list of all users registered on the blog, including their username and email address. This is due to the lack of capability checks and the failure to sanitise or escape the `cg-search-user-name-original` parameter before using it in a SQL statement when exporting users from a gallery. Recommendations: For versions prior to 13.1.0.6, update to version 13.1.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the user export functionality in the Contest Gallery plugin to minimize the risk of exploitation. Avoid using the `cg-search-user-name-original` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Slideshow Gallery WordPress plugin versions prior to 1.7.4 Description: The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping in the Slide `Title`, `Description`, and Gallery `Title` fields, even when the unfiltered html is disallowed. Recommendations: For versions prior to 1.7.4, update to version 1.7.4 or later to resolve the issue.