Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin <= 9.0...
CVSS: 5.9 | AI Score: 4.9 | EPSS: 0.0004
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin <= 9.0...
CVSS: 4.8 | AI Score: 5.4 | EPSS: 0.0004
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin <= 9.0...
CVSS: 4.8 | AI Score: 4.8 | EPSS: 0.0004
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin <= 9.0...
CVSS: 5.9 | AI Score: 5.5 | EPSS: 0.0004
Contest Gallery < 13.1.0.6 - SQL injection
The plugin does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated users to perform SQL injection attacks, as well as get the list of all users...
CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.397
Gallery Photoblocks < 1.1.43 - Cross-Site Scripting
The Gallery PhotoBlocks WordPress plugin was affected by an Authenticated Reflected XSS security...
CVSS: 4.8 | AI Score: 5 | EPSS: 0.001
Responsive Image Gallery, Gallery Album <= 2.0.3 - Arbitrary Settings Update via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...
CVSS: 8.8 | AI Score: 6.5 | EPSS: 0.001
Post Gallery <= 2.3.12 - Arbitrary Settings Update via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...
CVSS: 8.8 | AI Score: 6.5 | EPSS: 0.001
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.001
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...
CVSS: 7.2 | AI Score: 6.9 | EPSS: 0.001
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI...
CVSS: 4.9 | AI Score: 5.3 | EPSS: 0.0005
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...
CVSS: 7.2 | AI Score: 7 | EPSS: 0.001
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI...
CVSS: 4.9 | AI Score: 5 | EPSS: 0.0005
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI...
CVSS: 4.9 | AI Score: 5 | EPSS: 0.0005
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...
CVSS: 7.2 | AI Score: 6.9 | EPSS: 0.001
Deserialization of untrusted data
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001
CVE-2023-3279 NextGEN Gallery < 3.39 - Admin+ Local File Inclusion
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI...
AI Score: 6 | EPSS: 0.0005
CVE-2023-3155 NextGEN Gallery < 3.39 - Admin+ Arbitrary File Read and Delete
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...
AI Score: 7.2 | EPSS: 0.001
CVE-2023-3154 NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...
AI Score: 7.6 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin <= 2.3.12...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin <= 2.3.12...
CVSS: 8.8 | AI Score: 5.8 | EPSS: 0.001
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin <= 2.3.12...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin <= 2.3.12...
CVSS: 4.3 | AI Score: 9 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3...
CVSS: 8.8 | AI Score: 6.5 | EPSS: 0.001
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3...
CVSS: 5.4 | AI Score: 9 | EPSS: 0.001
Fedora 37 : golang-x-image (2023-c862a1e289)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c862a1e289 advisory. An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to...
CVSS: 6.5 | AI Score: 7 | EPSS: 0.001
Fedora 38 : golang-x-image (2023-4d95d44e7b)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4d95d44e7b advisory. An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to...
CVSS: 6.5 | AI Score: 7 | EPSS: 0.001
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 2, 2023 to October 8, 2023)
Last week, there were 92 vulnerabilities disclosed in 88 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
CVSS: 8.8 | AI Score: 7.7
WP Gallery Metabox <= 1.0.0 - Settings Update via CSRF
Description: The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...
CVSS: 8.8 | AI Score: 6.4 | EPSS: 0.001
Video Gallery & Management < 3.3.6 - Settings Update via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...
CVSS: 8.8 | AI Score: 6.5 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0...
CVSS: 8.8 | AI Score: 5.8 | EPSS: 0.001
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0...
CVSS: 4.3 | AI Score: 9 | EPSS: 0.001
Responsive Gallery Grid <= 2.3.10 - Settings Update via CSRF
Description: The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...
CVSS: 8.8 | AI Score: 6.4 | EPSS: 0.001
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here] page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS....
CVSS: 9.3 | AI Score: 5.9 | EPSS: 0.0005
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here] page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS....
CVSS: 6.1 | AI Score: 8.4 | EPSS: 0.0005
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here] page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS....
CVSS: 9.3 | AI Score: 6 | EPSS: 0.0005
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here] page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS....
CVSS: 6.1 | AI Score: 6 | EPSS: 0.0005
CVE-2023-44393 Piwigo Reflected XSS vulnerability
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here] page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS....
CVSS: 9.3 | AI Score: 8.5 | EPSS: 0.0005
Description: The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. PoC: 1. Use a proxy such as BurpSuite to add the following header to all requests: X-Forwarded-For: 11.11.11.11 2. Create a...
CVSS: 6.1 | AI Score: 6.1 | EPSS: 0.001
Description: The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain...
CVSS: 6.1 | AI Score: 6.1 | EPSS: 0.001
Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.001