5 matches found
CVE-2022-4150
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the optionid POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author...
CVE-2022-4150
creationtimestamp| type| source ---|---|--- 2022-12-26 16:40:47+00:00| seen| https://t.me/cibsecurity/55350 2025-04-11 23:51:31+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11519...
CVE-2022-4150 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the optionid POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author...
CVE-2022-4150
CVE-2022-4150 affects Contest Gallery and Contest Gallery Pro WordPress plugins (pre-19.1.5.1). The issue is a SQL injection caused by not escaping the option_id POST parameter before concatenating it into order-custom-fields-with-and-without-search.php, enabling users with at least author privil...
CVE-2022-4150 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the optionid POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author...