The plugin does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.
Create/edit a gallery and put the following payload in the “Back Button Text” setting, then publish it: "> The XSS will be triggered when accessing the gallery setting again, as well as in page/s where the Gallery is embed
CPE | Name | Operator | Version |
---|---|---|---|
flash-album-gallery | eq | * |