Photo Gallery Slideshow & Masonry Tiled Gallery Security Vulnerabilities

CVE-2023-45051

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin <= 9.0...

CVE-2023-45051

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin <= 9.0...

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin <= 9.0...

CVE-2023-45051 WordPress Image vertical reel scroll slideshow Plugin <= 9.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin &lt;= 9.0...

WordPress NextGEN Gallery Plugin < 3.39 Multiple Vulnerabilities

The WordPress...

Contest Gallery < 13.1.0.6 - SQL injection

The plugin does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users...

Gallery Photoblocks < 1.1.43 - Cross-Site Scripting

The Gallery PhotoBlocks WordPress plugin was affected by an Authenticated Reflected XSS security...

Responsive Image Gallery, Gallery Album <= 2.0.3 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...

Post Gallery <= 2.3.12 - Arbitrary Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...

CVE-2023-3154

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...

CVE-2023-3155

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...

CVE-2023-3154

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...

CVE-2023-3279

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI...

CVE-2023-3155

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...

CVE-2023-3279

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI...

Design/Logic Flaw

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI...

Design/Logic Flaw

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...

Deserialization of untrusted data

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...

CVE-2023-3279 NextGEN Gallery < 3.39 - Admin+ Local File Inclusion

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI...

CVE-2023-3155 NextGEN Gallery < 3.39 - Admin+ Arbitrary File Read and Delete

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...

CVE-2023-3154 NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the...

CVE-2023-45752

Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin &lt;= 2.3.12...

CVE-2023-45752

Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin &lt;= 2.3.12...

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin &lt;= 2.3.12...

CVE-2023-45752 WordPress Post Gallery Plugin <= 2.3.12 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin &lt;= 2.3.12...

CVE-2023-45629

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin &lt;= 2.0.3...

CVE-2023-45629

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin &lt;= 2.0.3...

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin &lt;= 2.0.3...

CVE-2023-45629 WordPress Responsive Image Gallery, Gallery Album Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin &lt;= 2.0.3...

Fedora 37 : golang-x-image (2023-c862a1e289)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c862a1e289 advisory. An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to...

Fedora 38 : golang-x-image (2023-4d95d44e7b)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4d95d44e7b advisory. An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to...

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 2, 2023 to October 8, 2023)

Last week, there were 92 vulnerabilities disclosed in 88 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

WP Gallery Metabox <= 1.0.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...

Video Gallery & Management < 3.3.6 - Settings Update via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...

CVE-2023-41876

Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin &lt;= 1.0.0...

CVE-2023-41876

Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin &lt;= 1.0.0...

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin &lt;= 1.0.0...

CVE-2023-41876 WordPress WP Gallery Metabox Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin &lt;= 1.0.0...

Responsive Gallery Grid <= 2.3.10 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...

Coppermine Gallery 1.6.25 Remote Code Execution

...

CVE-2023-44393

Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here] page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS....

CVE-2023-44393

Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here] page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS....

CVE-2023-44393

Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here] page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS....

Cross site scripting

Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here] page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS....

CVE-2023-44393 Piwigo Reflected XSS vulnerability

Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here] page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS....

Coppermine Gallery 1.6.25 - Remote Code Execution Vulnerability

...

Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. PoC 1. Use a proxy such as BurpSuite to add the following header to all requests: X-Forwarded-For: 11.11.11.11 2. Create a...

Coppermine Gallery 1.6.25 - RCE

...

Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers

Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain...

CVE-2023-44233

Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin &lt;= 2.2.44...