23 matches found
CVE-2026-5347
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admin_init hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...
WordPress WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes plugin <= 4.6.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Books Gallery versions <= 4.6.8...
CVE-2026-5347
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admin_init hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...
EUVD-2026-25398
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admin_init hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...
CVE-2026-5347
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admin_init hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...
CVE-2026-5347 WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admin_init hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...
CVE-2026-5347
The HM Books Gallery WordPress plugin is affected up to version 4.8.0 by Missing Authorization to unauthenticated settings updates. The vulnerability resides in the admin_init hook that processes permalink settings updates (lines around 205–209 in wp-books-gallery.php), where the code only checks...
CVE-2026-5347 WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admin_init hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...
WordPress plugin HM Books Gallery security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-34854
The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admin_init hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...
WordPress WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes plugin <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update vulnerability
Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Books Gallery versions <= 4.8.0...
EUVD-2023-27791
Malicious code in bioql PyPI...
CVE-2023-23705
Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions...
WordPress Books Gallery Plugin < 4.5.4 is vulnerable to Cross Site Scripting (XSS)
Software Books Gallery Type Plugin Vulnerable versions 4.5.4 Fixed in 4.5.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 55f3f36010fc Credits Rafie Muhammad Patchstack Required...
CVE-2023-23705
Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions...
CVE-2023-23705
CVE-2023-23705 affects the HM Plugin WordPress Books Gallery plugin, versions
CVE-2023-23705 WordPress Books Gallery Plugin <= 4.4.8 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions...
WordPress plugin WordPress Books Gallery cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin WordPress Books Gallery...
PT-2023-19144 · WordPress · Hm Plugin Wordpress Books Gallery
Name of the Vulnerable Software and Affected Versions: HM Plugin WordPress Books Gallery plugin versions <= 4.4.8 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions o...