The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.7AI Score
0.0004EPSS
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
7.6AI Score
0.0004EPSS
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save action in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.8AI Score
0.0004EPSS
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.8AI Score
0.0004EPSS
The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data...
5.3CVSS
5.3AI Score
0.082EPSS
6.5CVSS
6.8AI Score
0.0005EPSS
6.5CVSS
9AI Score
0.0005EPSS
6.5CVSS
7AI Score
0.0005EPSS
6.5CVSS
7.3AI Score
0.0005EPSS
The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
7.6AI Score
0.0004EPSS
The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.4AI Score
0.0004EPSS
CVE-2024-1664 Responsive Gallery Grid < 2.3.11 - Admin+ Stored XSS
The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.5AI Score
0.0004EPSS
Description The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access to inject a PHP Object. If a POP...
7.2CVSS
7.2AI Score
0.0004EPSS
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12272)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12272 advisory. [5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug:...
8.4AI Score
EPSS
Essential Grid < 3.1.2 - Unauthenticated Private Post Disclosure
Description The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password...
5.3CVSS
6.8AI Score
0.0004EPSS
KLA65507 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in...
9CVSS
9.2AI Score
0.001EPSS
FooGallery < 2.4.15 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Best WordPress Gallery Plugin – FooGallery plugin is vulnerable to Stored Cross-Site Scripting via the foogallery_attachment_modal_save...
6.4CVSS
6AI Score
0.0004EPSS
Photo Gallery by 10Web < 1.8.22 - Admin+ Stored XSS via SVG
Description The plugin is vulnerable to Stored Cross-Site Scripting via SVG file uploads due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute...
5.5CVSS
5.8AI Score
0.0004EPSS
Description The WordPress Gallery Plugin – NextGEN Gallery plugin is vulnerable to unauthorized access of data due to a missing capability check on the get_item function. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image...
5.3CVSS
6.6AI Score
0.082EPSS
Element Pack Elementor Addons < 5.3.3 - Contributor+ Stored XSS via Custom Gallery Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the image URL parameter of the Custom Gallery Widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web...
6.4CVSS
5.8AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Enumerate Branch...
8.2AI Score
EPSS
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
5.5CVSS
5.6AI Score
0.0004EPSS
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
5.5CVSS
5.1AI Score
0.0004EPSS
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
5.5CVSS
5.8AI Score
0.0004EPSS
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
5.5CVSS
5.2AI Score
0.0004EPSS
The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to...
6.4CVSS
5.7AI Score
0.0004EPSS
The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to...
6.4CVSS
6.1AI Score
0.0004EPSS
The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to...
6.4CVSS
5.8AI Score
0.0004EPSS
The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to...
6.4CVSS
5.8AI Score
0.0004EPSS
The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel widget in all versions up to, and including, 2.6.3 due to...
6.4CVSS
5.7AI Score
0.0004EPSS
The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel widget in all versions up to, and including, 2.6.3 due to...
6.4CVSS
7.6AI Score
0.0004EPSS
The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel widget in all versions up to, and including, 2.6.3 due to...
6.4CVSS
5.8AI Score
0.0004EPSS
The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel widget in all versions up to, and including, 2.6.3 due to...
6.4CVSS
5.8AI Score
0.0004EPSS
The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields (such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type') in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping....
6.4CVSS
7.6AI Score
0.0004EPSS
Description The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel widget in all versions up to, and including,...
6.4CVSS
5.8AI Score
0.0004EPSS
Description The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for.....
6.4CVSS
5.8AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 405 vulnerabilities disclosed in 320...
10CVSS
9.7AI Score
EPSS
Description The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.5CVSS
6.9AI Score
0.0004EPSS
Responsive Image Gallery, Gallery Album <= 2.0.3 - Reflected Cross-Site Scripting
Description The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary.....
7.1CVSS
6.3AI Score
0.0004EPSS
Easy Social Feed < 6.5.7 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...
4.3CVSS
5.6AI Score
0.0004EPSS
Contest Gallery < 21.3.6 - Reflected Cross-Site Scripting
Description The Contest Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 21.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
7.1CVSS
6.3AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. It has been classified as critical. This affects an unknown part of the file /endpoint/add-image.php. The manipulation of the argument image_name leads to unrestricted upload. It is possible to initiate the attack...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. It has been classified as critical. This affects an unknown part of the file /endpoint/add-image.php. The manipulation of the argument image_name leads to unrestricted upload. It is possible to initiate the attack...
6.3CVSS
6.4AI Score
0.0004EPSS
CVE-2024-3129 SourceCodester Image Accordion Gallery App add-image.php unrestricted upload
A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. It has been classified as critical. This affects an unknown part of the file /endpoint/add-image.php. The manipulation of the argument image_name leads to unrestricted upload. It is possible to initiate the attack...
6.3CVSS
6.7AI Score
0.0004EPSS
Photo Gallery by Ays < 5.5.3 - Reflected Cross-Site Scripting
Description The Photo Gallery by Ays plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
7.1CVSS
6.5AI Score
0.0004EPSS
Photo Gallery by Supsystic < 1.15.17 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Photo Gallery by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.15.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9CVSS
5.9AI Score
0.0004EPSS
Description The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.5CVSS
5.8AI Score
0.0004EPSS
Description The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on....
5.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Reflected XSS.This issue affects Responsive Image Gallery, Gallery Album: from n/a through...
7.1CVSS
6.9AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Reflected XSS.This issue affects Responsive Image Gallery, Gallery Album: from n/a through...
7.1CVSS
9.3AI Score
0.0004EPSS