Photo Gallery Slideshow & Masonry Tiled Gallery Security Vulnerabilities

Deserialization of untrusted data

The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. This makes it...

CVE-2024-0825

The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. This makes it...

CVE-2024-1859

The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated.....

CVE-2024-1859

The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated.....

Deserialization of untrusted data

The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated.....

CVE-2024-1859

The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated.....

CVE-2024-1859

The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated.....

CVE-2023-51530

Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through...

CVE-2023-51530

Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through...

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through...

CVE-2023-51530 WordPress GS Logo Slider Plugin <= 3.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through...

CVE-2023-51530 WordPress GS Logo Slider Plugin <= 3.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through...

CVE-2024-1171

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and...

CVE-2024-1171

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and...

CVE-2024-0604

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-0604

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Cross site scripting

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

Cross site scripting

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and...

Slider Responsive Slideshow – Image slider, Gallery slideshow < 1.4.0 - Authenticated (Contributor+) PHP Object Injection

Description The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for...

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 12, 2024 to February 18, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 78 vulnerabilities disclosed in 63...

CVE-2024-26491

A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text...

CVE-2024-26491

A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text...

Cross site scripting

A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text...

CVE-2024-26491

A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text...

CVE-2024-1171

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and...

CVE-2024-0604

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715)

November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715) UPDATED 2/27/24 IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise, Education, IoT Enterprise, and Enterprise multi-session.....

InPost Gallery Plugin for WordPress < 2.1.4.2 Cross-Site Scripting

The WordPress InPost Gallery Plugin installed on the remote host is affected by an authenticated reflected Cross-Site Scripting (XSS) in the imgurl parameter of the add_inpost_gallery_slide_item action. Note that the scanner has not tested for these issues but has instead relied only on the...

CVE-2023-52376

Information management vulnerability in the Gallery module.Successful exploitation of this vulnerability may affect service...

CVE-2023-52376

Information management vulnerability in the Gallery module.Successful exploitation of this vulnerability may affect service...

Information disclosure

Information management vulnerability in the Gallery module.Successful exploitation of this vulnerability may affect service...

CVE-2023-52376

Information management vulnerability in the Gallery module.Successful exploitation of this vulnerability may affect service...

Exploit for Vulnerability in Microsoft

...

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 5, 2024 to February 11, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 95 vulnerabilities disclosed in 65...

Best WordPress Gallery Plugin – FooGallery < 2.4.9 -Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...

Photos and Files Contest Gallery < 21.3.1 - Author+ Stored Cross Site Scripting

Description The plugin does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks. PoC 1. Add a New gallery, and click on the "Add files" button to add content. 2. Now add a description for this content with the XSS...

Photos and Files Contest Gallery < 21.3.1 - Author+ Stored Cross Site Scripting

Description The plugin does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting...

CVE-2024-24887

Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for...

CVE-2024-24887

Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for...

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for...

CVE-2024-24887 WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for...

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting via Filterable Gallery

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above....

QNAP Photo Station OS Command Injection (QSA-24-08)

The version of Photo Station running on the remote QNAP NAS is affected by an OS command injection vulnerability. If exploited, the vulnerability could allow authenticated users to execute commands via a network. Note that Nessus has not tested for these issues but has instead relied only on the...

ACF Photo Gallery Field < 2.7 - Missing Authorization

Description The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function, allowing authenticated attackers, with subscriber access and above, to access the unprotected...

Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) < 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and....

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 122 vulnerabilities disclosed in 110...

Contest Gallery < 21.2.9 - Cross-Site Request Forgery

Description The Contest Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 21.2.8.4. This is due to missing or incorrect nonce validation in the prev10/prev10-admin/gallery/gallery.php file. This makes it possible for unauthenticated...

CVE-2024-0977

The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output...

CVE-2024-0977

The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output...

Cross site scripting

The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output...