Description
WordPress Plugin Gallery-Flagallery Photo Portfolio is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Gallery-Flagallery Photo Portfolio version 4.24 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.25 or latest
References
https://research.g0blin.co.uk/cve-2014-8491/
https://wordpress.org/plugins/flash-album-gallery/changelog/
Related Vulnerabilities
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.9.19)
WordPress Plugin Attendance Manager Multiple Vulnerabilities (0.5.6)
WordPress Plugin WordPress Download Manager 'cid' Parameter Cross-Site Scripting (2.2.2)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-10545)