Lucene search
+L

60 matches found

Patchstack
Patchstack
added 2023/04/12 12:0 a.m.17 views

WordPress InPost Gallery Plugin <= 2.1.4.1 is vulnerable to Cross Site Scripting (XSS)

Software InPost Gallery Type Plugin Vulnerable versions = 2.1.4.1 Fixed in 2.1.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28666 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a2e097871dba Credits Joshua Martinelle...

5.4CVSS5.6AI score0.00441EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2023/03/22 9:15 p.m.5 views

CVE-2023-28666

The InPost Gallery WordPress plugin, in versions 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the addinpostgalleryslideitem action, which can only be triggered by an authenticated user...

5.4CVSS6.6AI score0.00441EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/03/22 12:0 a.m.9 views

PT-2023-21887 · WordPress · Inpost Gallery

Name of the Vulnerable Software and Affected Versions: InPost Gallery WordPress plugin versions prior to 2.2.2 Description: The issue is a reflected cross-site scripting vulnerability. It affects the imgurl parameter to the add inpost gallery slide item action and can only be triggered by an...

5.4CVSS5.9AI score0.00441EPSS
Exploits2References4
Cvelist
Cvelist
added 2023/03/22 12:0 a.m.52 views

CVE-2023-28666

The InPost Gallery WordPress plugin, in versions 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the addinpostgalleryslideitem action, which can only be triggered by an authenticated user...

5.3AI score0.00441EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/03/22 12:0 a.m.14 views

InPost Gallery <= 2.1.4.1 - Reflected XSS

The plugin does not sanitise and escape the imgurl parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...

5.4CVSS5.5AI score0.00441EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/03/22 12:0 a.m.43 views

WordPress plugin InPost Gallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS6.6AI score0.00441EPSS
Exploits2References3
wpexploit
wpexploit
added 2023/03/22 12:0 a.m.101 views

InPost Gallery <= 2.1.4.1 - Reflected XSS

The plugin does not sanitise and escape the imgurl parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...

5.4CVSS5.7AI score0.00441EPSS
Exploits2References1
OSV
OSV
added 2022/12/19 2:15 p.m.7 views

CVE-2022-4063

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...

9.8CVSS5.9AI score0.09519EPSS
Exploits2References1
NVD
NVD
added 2022/12/19 2:15 p.m.40 views

CVE-2022-4063

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...

9.8CVSS0.09519EPSS
Exploits2References1
Prion
Prion
added 2022/12/19 2:15 p.m.19 views

Design/Logic Flaw

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...

7.5CVSS9.4AI score0.09519EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/19 1:41 p.m.11 views

CVE-2022-4063 InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...

9.4AI score0.09519EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/12/19 1:41 p.m.45 views

CVE-2022-4063 InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...

9.7AI score0.09519EPSS
Exploits2References1
CVE
CVE
added 2022/12/19 1:41 p.m.85 views

CVE-2022-4063

The CVE-2022-4063 issue affects WordPress InPost Gallery plugin versions before 2.1.4.1. The root cause is insecure use of PHP’s extract() when rendering HTML views, which can force inclusion of arbitrary files/URLs and may enable code execution on the server via Local File Inclusion (LFI) or rem...

9.8CVSS9.5AI score0.09519EPSS
In wildExploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/19 12:0 a.m.15 views

PT-2022-25427 · WordPress · Inpost Gallery

Name of the Vulnerable Software and Affected Versions: InPost Gallery WordPress plugin version 2.1.4 and earlier Description: The issue arises from the insecure use of PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files and URLs. This cou...

9.8CVSS9.3AI score0.09519EPSS
Exploits2References5
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.40 views

WordPress plugin InPost Gallery 路径遍历漏洞

WordPress and others are products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language.WordPress plugin is an application plugin.PHP and others are products of.PHP is a scripting language that executes on the server side. A path traversal...

9.8CVSS8.4AI score0.09519EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/11/28 12:0 a.m.20 views

InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE

The plugin insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. PoC Invoke the following shell commands to disclose the /etc/passwd file: Define the payload "pagepath"...

9.8CVSS0.09519EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/11/28 12:0 a.m.262 views

InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE

The plugin insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. Invoke the following shell commands to disclose the /etc/passwd file: Define the payload "pagepath" value...

9.8CVSS0.2AI score0.09519EPSS
Exploits2
Patchstack
Patchstack
added 2016/10/20 12:0 a.m.6 views

WordPress InPost Gallery plugin <= 2.1.2 - Authenticated Persistent Cross-Site (XSS) Vulnerability

WordPress InPost Gallery plugin version = 2.1.2 is vulnerable to Cross-Site XSS vulnerability. The values on the admin settings page are not escaped. Solution Update the plugin...

2.9AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2016/10/20 12:0 a.m.9 views

WordPress InPost Gallery Plugin <= 2.1.2 - Local File Inclusion (LFI) Vulnerability

WordPress InPost Gallery plugin is prone to a local file inclusion vulnerability. The value of “popupshortcodekey”, in to the function renderhtml is not validated and later it is included. Solution Update the plugin...

2.1AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2016/10/18 12:0 a.m.7 views

InPost Gallery <= 2.1.2 - LFI & Authenticated Stored XSS

The InPost Gallery WordPress plugin was affected by a LFI & Authenticated Stored XSS security vulnerability...

2.3AI score
Exploits0References1Affected Software1
Rows per page
Query Builder