4 matches found
CVE-2024-9018
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...
WordPress Easy Gallery plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Easy Gallery versions <= 1.4...
WordPress WP Easy Gallery plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulation vulnerability
Missing Authorization to Authenticated (Subscriber+) Gallery Manipulation vulnerability discovered by Lucio Sá in WordPress Plugin WP Easy Gallery versions <= 4.8.5...
WordPress WP Easy Gallery Plugin <= 2.7 - SQL Injection
This plugin is prone to SQL injection via the galleryId parameter of admin/overview.php and multiple parameters of admin/add-images.php. Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands. Solution: Update the plugin...