4 matches found
CVE-2024-13833
The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject ...
WordPress Album Gallery – WordPress Gallery plugin <= 1.6.3 - Authenticated (Editor+) PHP Object Injection via Gallery Meta vulnerability
Authenticated Editor+ PHP Object Injection via Gallery Meta vulnerability discovered by Francesco Carlucci in WordPress Plugin Album Gallery – WordPress Gallery versions = 1.6.3...
WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Album Gallery – WordPress Gallery versions = 1.5.7...
WordPress Plugin GRAND FlAGallery 1.57 - flagshow.php Cross-Site Scripting
WordPress Plugin GRAND FlAGallery 1.57 - flagshow.php Cross-Site Scripting source: https://www.securityfocus.com/bid/51012/info GRAND FlAGallery plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverag...