Lucene search
K

760 matches found

CVE
CVE
added 2026/03/23 2:5 p.m.14 views

CVE-2026-33479

CVE-2026-33479 affects WWBN AVideo (Gallery plugin, saveSort.json.php) where unsanitized values from $_REQUEST['sections'] are fed into eval(), enabling PHP code execution via CSRF against an admin session. The issue exists up to version 26.0; a patch in commit 087dab8841f8bdb54be184105ef19b47c56...

8.8CVSS6.3AI score0.00531EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/23 2:5 p.m.4 views

CVE-2026-33479 AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSR...

8.8CVSS6.3AI score0.00531EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.10 views

WWBN AVideo 代码注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a code injection vulnerability. This vulnerability stemmed from the saveSort.json.php endpoint in the Gallery plugin, which directly passed uncleaned user input to...

8.8CVSS6.4AI score0.00531EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 8:44 p.m.5 views

GHSA-XGGW-G9PM-9QHH AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

Summary The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...

8.8CVSS6.7AI score0.00531EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/20 8:44 p.m.7 views

AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

Summary The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...

8.8CVSS6.7AI score0.00531EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/03/18 5:16 p.m.7 views

CVE-2026-1463

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS0.00452EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.3 views

CVE-2026-32418 WordPress Meow Gallery plugin <= 5.4.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through = 5.4.4...

5.8AI score0.00291EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/10 10:37 a.m.4 views

WordPress Contest Gallery plugin <= 28.1.2.1 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by lilmingwa13 in WordPress Plugin Contest Gallery versions = 28.1.2.1...

6.4CVSS5.8AI score0.00163EPSS
Exploits0Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2026/03/10 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-24915

The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections...

9.8CVSS5.9AI score0.127EPSS
In wildExploits2References15
EUVD
EUVD
added 2026/03/04 9:31 a.m.4 views

EUVD-2026-9376

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS6AI score0.00193EPSS
Exploits0References5
CVE
CVE
added 2026/03/04 9:24 a.m.32 views

CVE-2026-1706

CVE-2026-1706 : All-in-One Video Gallery for WordPress has a Reflected Cross-Site Scripting flaw via the vi parameter in versions up to 4.7.1. Insufficient input sanitization/output escaping allows unauthenticated attackers to inject scripts on pages that a user may perform actions on (e.g., clic...

6.1CVSS6.1AI score0.00231EPSS
Exploits0References4
NVD
NVD
added 2026/03/04 9:15 a.m.6 views

CVE-2026-1236

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00193EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/04 8:23 a.m.3 views

CVE-2026-1236 Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
CVE
CVE
added 2026/03/04 8:23 a.m.14 views

CVE-2026-1236

CVE-2026-1236 : Envira Gallery for WordPress (WordPress plugin)

6.4CVSS6AI score0.00193EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/03/03 8:26 a.m.7 views

WordPress Contest Gallery plugin <= 28.1.4 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Thomas Sanzey in WordPress Plugin Contest Gallery versions = 28.1.4...

7.5CVSS6AI score0.00739EPSS
Exploits4References1Affected Software1
NVD
NVD
added 2026/03/02 6:16 p.m.10 views

CVE-2026-3180

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ’cglmail’ parameter in all versions up to, and including, 28.1.4 due to insufficient escaping on the user supplied parameter...

7.5CVSS0.00739EPSS
Exploits4References6
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.7 views

PT-2026-22660

Name of the Vulnerable Software and Affected Versions The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress versions through 28.1.4 Description The software is susceptible to a blind SQL Injection issue due to inadequate escaping of user-supplied...

7.5CVSS6AI score0.00739EPSS
Exploits4References13
Patchstack
Patchstack
added 2026/02/26 7:21 a.m.10 views

WordPress Responsive Lightbox & Gallery plugin < 2.6.1 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Responsive Lightbox versions 2.6.1...

8.8CVSS5.3AI score0.00261EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/24 6:16 a.m.12 views

CVE-2025-15386

The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...

8.8CVSS0.00261EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 6:0 a.m.26 views

CVE-2025-15386

The CVE describes an Unauthenticated Stored XSS in the WordPress plugin “Responsive Lightbox & Gallery”

8.8CVSS5.4AI score0.00261EPSS
Exploits0References1
Rows per page
Query Builder