Lucene search

CVE-2021-24462

🗓️ 02 Aug 2021 11:09:15Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 30 Views🌐 3 Media mentions

The Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 allows SQL injection via the orderby parameter in the admin dashboard

Reporter	Title	Published	Views	Family All 6
NVD	CVE-2021-24462	2 Aug 202111:15	–	nvd
Patchstack	WordPress Photo Gallery by Ays plugin <= 4.4.3 - Authenticated Blind SQL Injection (SQLi) vulnerability	29 Jun 202100:00	–	patchstack
WPVulnDB	Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections	29 Jun 202100:00	–	wpvulndb
wpexploit	Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections	29 Jun 202100:00	–	wpexploit
Cvelist	CVE-2021-24462 Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections	2 Aug 202110:32	–	cvelist
Prion	Sql injection	2 Aug 202111:15	–	prion

Nvd

Vulners

Node

ays-pro photo_galleryRange<4.4.4wordpress

[
  {
    "product": "Photo Gallery by Ays – Responsive Image Gallery",
    "vendor": "Ays Pro",
    "versions": [
      {
        "lessThan": "4.4.4",
        "status": "affected",
        "version": "4.4.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/e24dac6d-de48-42c1-bdde-4a45fb331376

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

02 Aug 2021 11:15Current

9.1High risk

Vulners AI Score9.1

CVSS26.5

CVSS38.8

EPSS0.001

CWE-89