Deserialization of untrusted data
The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. This makes it...
8.8CVSS
8.6AI Score
0.0004EPSS
The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. This makes it...
8.8CVSS
8.9AI Score
0.0004EPSS
The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated.....
8.8CVSS
9AI Score
0.0004EPSS
The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated.....
8.8CVSS
8.8AI Score
0.0004EPSS
Deserialization of untrusted data
The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated.....
8.8CVSS
7.4AI Score
0.0004EPSS
The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated.....
8.8CVSS
8.9AI Score
0.0004EPSS
The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated.....
8.8CVSS
7.1AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through...
4.3CVSS
4.6AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through...
4.3CVSS
4.6AI Score
0.0004EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through...
4.3CVSS
7.2AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through...
4.3CVSS
7AI Score
0.0004EPSS
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and...
5.4CVSS
5AI Score
0.0004EPSS
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and...
5.4CVSS
5.6AI Score
0.0004EPSS
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4CVSS
4.3AI Score
0.0004EPSS
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4CVSS
5AI Score
0.0004EPSS
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4CVSS
6AI Score
0.0004EPSS
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and...
5.4CVSS
6AI Score
0.0004EPSS
Description The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for...
8.8CVSS
7.4AI Score
0.0004EPSS
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 78 vulnerabilities disclosed in 63...
10CVSS
9.2AI Score
0.001EPSS
A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text...
5.6AI Score
0.0004EPSS
A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text...
5.7AI Score
0.0004EPSS
A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text...
5.8AI Score
0.0004EPSS
A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text...
5.7AI Score
0.0004EPSS
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and...
5.4CVSS
5.2AI Score
0.0004EPSS
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
4.4CVSS
4.5AI Score
0.0004EPSS
November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715)
November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715) UPDATED 2/27/24 IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise, Education, IoT Enterprise, and Enterprise multi-session.....
9.8CVSS
8.2AI Score
0.57EPSS
InPost Gallery Plugin for WordPress < 2.1.4.2 Cross-Site Scripting
The WordPress InPost Gallery Plugin installed on the remote host is affected by an authenticated reflected Cross-Site Scripting (XSS) in the imgurl parameter of the add_inpost_gallery_slide_item action. Note that the scanner has not tested for these issues but has instead relied only on the...
6.3AI Score
Information management vulnerability in the Gallery module.Successful exploitation of this vulnerability may affect service...
6.7AI Score
0.0004EPSS
Information management vulnerability in the Gallery module.Successful exploitation of this vulnerability may affect service...
6.5AI Score
0.0004EPSS
Information management vulnerability in the Gallery module.Successful exploitation of this vulnerability may affect service...
7.3AI Score
0.0004EPSS
Information management vulnerability in the Gallery module.Successful exploitation of this vulnerability may affect service...
6.8AI Score
0.0004EPSS
9.8CVSS
7.2AI Score
0.006EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 5, 2024 to February 11, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 95 vulnerabilities disclosed in 65...
10CVSS
9AI Score
0.154EPSS
Best WordPress Gallery Plugin – FooGallery < 2.4.9 -Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
4.4CVSS
5.9AI Score
0.0004EPSS
Photos and Files Contest Gallery < 21.3.1 - Author+ Stored Cross Site Scripting
Description The plugin does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks. PoC 1. Add a New gallery, and click on the "Add files" button to add content. 2. Now add a description for this content with the XSS...
5.3AI Score
0.0004EPSS
Photos and Files Contest Gallery < 21.3.1 - Author+ Stored Cross Site Scripting
Description The plugin does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting...
6.1AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for...
5.4CVSS
6.5AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for...
5.4CVSS
5.5AI Score
0.0004EPSS
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for...
5.4CVSS
7.2AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for...
5.4CVSS
5.8AI Score
0.0004EPSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above....
5.6AI Score
0.0004EPSS
QNAP Photo Station OS Command Injection (QSA-24-08)
The version of Photo Station running on the remote QNAP NAS is affected by an OS command injection vulnerability. If exploited, the vulnerability could allow authenticated users to execute commands via a network. Note that Nessus has not tested for these issues but has instead relied only on the...
8.8CVSS
6.9AI Score
0.0005EPSS
ACF Photo Gallery Field < 2.7 - Missing Authorization
Description The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function, allowing authenticated attackers, with subscriber access and above, to access the unprotected...
9.2AI Score
0.0004EPSS
Description The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and....
5.9AI Score
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 122 vulnerabilities disclosed in 110...
9.8CVSS
9.5AI Score
EPSS
Contest Gallery < 21.2.9 - Cross-Site Request Forgery
Description The Contest Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 21.2.8.4. This is due to missing or incorrect nonce validation in the prev10/prev10-admin/gallery/gallery.php file. This makes it possible for unauthenticated...
6.3AI Score
0.0004EPSS
The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output...
5.4CVSS
5.6AI Score
0.0004EPSS
The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output...
5.4CVSS
4.5AI Score
0.0004EPSS
The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output...
5.4CVSS
6AI Score
0.0004EPSS