16 matches found
CVE-2025-15524
CVE-2025-15524 affects the WordPress plugin Gallery by FooGallery (versions up to and including 3.1.9). A missing capability check in ajax_get_gallery_info() allows authenticated users with Subscriber-level access and above to enumerate gallery IDs and retrieve private/draft/password-protected ga...
CVE-2024-26491
A cross-site scripting XSS vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field...
CVE-2024-27757
flusity CMS through 2.45 allows tools/addonsmodel.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."...
CVE-2024-27757
flusity CMS through 2.45 allows tools/addonsmodel.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."...
CVE-2024-27757
flusity CMS through 2.45 allows tools/addonsmodel.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."...
PT-2024-22025 · Unknown · Flusity-Cms
Name of the Vulnerable Software and Affected Versions: flusity CMS versions through 2.45 Description: The issue allows for XSS in the Gallery Name through the tools/addons model.php file. The product has ceased its development as of February 2024. Recommendations: For versions through 2.45, as a...
CVE-2024-26491
A cross-site scripting XSS vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field...
CVE-2024-26491
A cross-site scripting XSS vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field...
CVE-2024-26491
A cross-site scripting XSS vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field...
PT-2022-28074 · Flatpress · Flatpress
Name of the Vulnerable Software and Affected Versions: FlatPress affected versions not specified Description: A problematic issue was found in FlatPress, affecting the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the Media Manager Plugin. The manipulatio...
CVE-2016-10889
The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name...
Sql injection
The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name...
Anblik WordPress image-gallery-with-slideshow SQL Injection Vulnerability
Anblik WordPress image-gallery-with-slideshow is a slideshow plugin for WordPress developed by Anblik Web Design India. A SQL injection vulnerability exists in the image-gallery-with-slideshow/adminsetting.php file in Anblik WordPress image-gallery-with-slideshow version 1.5.2. A remote attacker...
CVE-2017-1002014
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/adminsetting.php via galleryname parameter...
CVE-2017-1002011
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value-galleryname and $value-gallerydescription where anyone with privileges to modify or add galleries/images and inject javascript into the database...
MiniGal b13 (image backdoor) Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl -=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=- MiniGal b13 -=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=- -=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=- Author : Dj7xpl / Dj7xplatYahoodotcom Type : Remo...