CVE-2013-3261

medium
Published 2013-06-01 · Modified 2026-04-29
CVSS v3: -
CVSS v4: - (not yet in upstream)
VIR risk: 4.3

Description

Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter in a flag-manage-gallery action.

Predictions

Exploit likelihood: 20%
Patch ETA: -

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

Application impact

Vendor | Product | Versions | Fixed
photogallerycreator | flash-album-gallery | up to and including 2.71 |
photogallerycreator | flash-album-gallery | 0.29 |
photogallerycreator | flash-album-gallery | 0.32 |
photogallerycreator | flash-album-gallery | 0.33 |
photogallerycreator | flash-album-gallery | 0.34 |
photogallerycreator | flash-album-gallery | 0.35 |
photogallerycreator | flash-album-gallery | 0.36 |
photogallerycreator | flash-album-gallery | 0.37 |
photogallerycreator | flash-album-gallery | 0.38 |
photogallerycreator | flash-album-gallery | 0.39 |
photogallerycreator | flash-album-gallery | 0.40 |
photogallerycreator | flash-album-gallery | 0.41 |
photogallerycreator | flash-album-gallery | 0.42 |
photogallerycreator | flash-album-gallery | 0.43 |
photogallerycreator | flash-album-gallery | 0.44 |
photogallerycreator | flash-album-gallery | 0.45 |
photogallerycreator | flash-album-gallery | 0.46 |
photogallerycreator | flash-album-gallery | 0.49 |
photogallerycreator | flash-album-gallery | 0.50 |
photogallerycreator | flash-album-gallery | 0.52 |
photogallerycreator | flash-album-gallery | 0.53 |
photogallerycreator | flash-album-gallery | 0.54 |
photogallerycreator | flash-album-gallery | 0.55 |
photogallerycreator | flash-album-gallery | 0.56 |
photogallerycreator | flash-album-gallery | 0.57 |
photogallerycreator | flash-album-gallery | 0.58 |
photogallerycreator | flash-album-gallery | 0.59 |
photogallerycreator | flash-album-gallery | 0.60 |
photogallerycreator | flash-album-gallery | 0.61 |
photogallerycreator | flash-album-gallery | 1.11 |
photogallerycreator | flash-album-gallery | 1.12 |
photogallerycreator | flash-album-gallery | 1.13 |
photogallerycreator | flash-album-gallery | 1.20 |
photogallerycreator | flash-album-gallery | 1.21 |
photogallerycreator | flash-album-gallery | 1.22 |
photogallerycreator | flash-album-gallery | 1.23 |
photogallerycreator | flash-album-gallery | 1.31 |
photogallerycreator | flash-album-gallery | 1.32 |
photogallerycreator | flash-album-gallery | 1.33 |
photogallerycreator | flash-album-gallery | 1.40 |
photogallerycreator | flash-album-gallery | 1.41 |
photogallerycreator | flash-album-gallery | 1.42 |
photogallerycreator | flash-album-gallery | 1.43 |
photogallerycreator | flash-album-gallery | 1.44 |
photogallerycreator | flash-album-gallery | 1.45 |
photogallerycreator | flash-album-gallery | 1.47 |
photogallerycreator | flash-album-gallery | 1.48 |
photogallerycreator | flash-album-gallery | 1.49 |
photogallerycreator | flash-album-gallery | 1.50 |
photogallerycreator | flash-album-gallery | 1.51 |
photogallerycreator | flash-album-gallery | 1.52 |
photogallerycreator | flash-album-gallery | 1.53 |
photogallerycreator | flash-album-gallery | 1.54 |
photogallerycreator | flash-album-gallery | 1.55 |
photogallerycreator | flash-album-gallery | 1.56 |
photogallerycreator | flash-album-gallery | 1.57 |
photogallerycreator | flash-album-gallery | 1.58 |
photogallerycreator | flash-album-gallery | 1.59 |
photogallerycreator | flash-album-gallery | 1.60 |
photogallerycreator | flash-album-gallery | 1.61 |
photogallerycreator | flash-album-gallery | 1.62 |
photogallerycreator | flash-album-gallery | 1.63 |
photogallerycreator | flash-album-gallery | 1.64 |
photogallerycreator | flash-album-gallery | 1.65 |
photogallerycreator | flash-album-gallery | 1.66 |
photogallerycreator | flash-album-gallery | 1.67 |
photogallerycreator | flash-album-gallery | 1.70 |
photogallerycreator | flash-album-gallery | 1.71 |
photogallerycreator | flash-album-gallery | 1.72 |
photogallerycreator | flash-album-gallery | 1.73 |
photogallerycreator | flash-album-gallery | 1.74 |
photogallerycreator | flash-album-gallery | 1.75 |
photogallerycreator | flash-album-gallery | 1.76 |
photogallerycreator | flash-album-gallery | 1.77 |
photogallerycreator | flash-album-gallery | 1.78 |
photogallerycreator | flash-album-gallery | 1.79 |
photogallerycreator | flash-album-gallery | 1.80 |
photogallerycreator | flash-album-gallery | 1.81 |
photogallerycreator | flash-album-gallery | 1.82 |
photogallerycreator | flash-album-gallery | 1.83 |
photogallerycreator | flash-album-gallery | 1.84 |
photogallerycreator | flash-album-gallery | 1.85 |
photogallerycreator | flash-album-gallery | 1.90 |
photogallerycreator | flash-album-gallery | 2.00 |
photogallerycreator | flash-album-gallery | 2.10 |
photogallerycreator | flash-album-gallery | 2.11 |
photogallerycreator | flash-album-gallery | 2.12 |
photogallerycreator | flash-album-gallery | 2.14 |
photogallerycreator | flash-album-gallery | 2.15 |
photogallerycreator | flash-album-gallery | 2.16 |
photogallerycreator | flash-album-gallery | 2.17 |
photogallerycreator | flash-album-gallery | 2.18 |
photogallerycreator | flash-album-gallery | 2.50 |
photogallerycreator | flash-album-gallery | 2.51 |
photogallerycreator | flash-album-gallery | 2.52 |
photogallerycreator | flash-album-gallery | 2.53 |
photogallerycreator | flash-album-gallery | 2.54 |
photogallerycreator | flash-album-gallery | 2.55 |
photogallerycreator | flash-album-gallery | 2.56 |
photogallerycreator | flash-album-gallery | 2.70 |
wordpress | wordpress | - |

References

CWEs

CWE-79
