
12 matches found

Nuclei
added 2 days ago | 2 views

CP Image Store with Slideshow <= 1.0.67 - SQL Injection

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] shortcode is embedded, allowing unauthenticated users to perform an SQL injection attack. id: CVE-2022-1692...

CVSS 9.8 | AI score 7.4 | EPSS 0.73881
Exploits: 2 | References: 3
Cvelist
added 2026/01/13 1:49 p.m. | 17 views

CVE-2026-0684 CP Image Store with Slideshow <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Product Import

The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpisadmininit' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 4.3 | EPSS 0.00014
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/13 1:49 p.m. | 1 view

CVE-2026-0684 CP Image Store with Slideshow <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Product Import

The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpisadmininit' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 4.3 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2022-24977

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.4 | EPSS 0.73881
Exploits: 2 | References: 2
NVD
added 2022/06/08 10:15 a.m. | 11 views

CVE-2022-1692

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] shortcode is embedded, allowing unauthenticated users to perform an SQL injection attack...

CVSS 9.8 | EPSS 0.73881
Exploits: 2 | References: 2
Prion
added 2022/06/08 10:15 a.m. | 12 views

SQL injection

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] shortcode is embedded, allowing unauthenticated users to perform an SQL injection attack...

CVSS 7.5 | AI score 9.7 | EPSS 0.73881
Exploits: 2 | References: 2 | Affected Software: 1
CVE
added 2022/06/06 8:51 a.m. | 65 views

CVE-2022-1692

The CVE-2022-1692 issue affects the WordPress plugin CP Image Store with Slideshow prior to 1.0.68. The vulnerability arises from failing to sanitize and escape the ordering_by query parameter before it is used in a SQL statement on pages embedding [codepeople-image-store], enabling unauthenticat...

CVSS 9.8 | AI score 9.8 | EPSS 0.73881
Exploits: 2 | References: 2 | Affected Software: 1
Patchstack
added 2022/05/12 12:00 a.m. | 18 views

WordPress CP Image Store with Slideshow plugin <= 1.0.67 - Unauthenticated SQL Injection (SQLi) vulnerability

An unauthenticated SQL Injection (SQLi) vulnerability was discovered by Daniel Krohmer (Fraunhofer IESE, Germany) and Shi Chen (University of Kaiserslautern, Germany) in the WordPress CP Image Store with Slideshow plugin (versions <= 1.0.67). Solution: Update the WordPress CP Image Store with Slideshow plugin...

CVSS 9.8 | AI score 3.4 | EPSS 0.73881
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2015/07/13 12:00 a.m. | 7 views

WordPress CP Image Store with Slideshow Plugin <= 1.0.6 - Purchase ID Brute Force Prevention

This plugin is prone to a purchase id brute force prevention vulnerability. Solution: Update the plugin...

AI score 2
Exploits: 0 | References: 1 | Affected Software: 1
0day.today
added 2015/07/11 12:00 a.m. | 39 views

Wordpress CP Image Store with Slideshow Plugin 1.0.5 Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress CP Image Store with Slideshow 1.0.5 Arbitrary file download vulnerability Date: 2015-07-10 Google Dork: Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Vendor Homepage: http://wordpress.dwbooster.com/...

AI score 7.1
Exploits: 0
exploitpack
added 2015/07/10 12:00 a.m. | 17 views

WordPress Plugin CP Image Store with Slideshow 1.0.5 - Arbitrary File Download

WordPress Plugin CP Image Store with Slideshow 1.0.5 - Arbitrary File Download Exploit Title: WordPress CP Image Store with Slideshow 1.0.5 Arbitrary file download vulnerability Date: 2015-07-10 Google Dork: Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Vendor Homepage:...

AI score 7.3
Exploits: 0
Exploit DB
added 2015/07/10 12:00 a.m. | 26 views

WordPress Plugin CP Image Store with Slideshow 1.0.5 - Arbitrary File Download

Exploit Title: WordPress CP Image Store with Slideshow 1.0.5 Arbitrary file download vulnerability Date: 2015-07-10 Google Dork: Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Vendor Homepage: http://wordpress.dwbooster.com/ Software Link:...

AI score 7.4
Exploits: 0