6 matches found
WordPress WP Video Gallery <=1.7.1 - SQL Injection
WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...
CVE-2022-0826
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
CVE-2022-0826
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
CVE-2022-0826
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
CVE-2022-0826
Summary: CVE-2022-0826 affects WordPress plugin WP Video Gallery (versions <= 1.7.1). The connected Nuclei template confirms a SQL injection vulnerability where the plugin fails to sanitize/escape a parameter before interpolating it into a SQL statement via an AJAX action. This allows unauthen...
WordPress WP Video Gallery plugin <= 1.7.1 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress WP Video Gallery plugin versions = 1.7.1. Solution Deactivate and delete. This plugin has been closed as of March 29, 2022 and is not available for download. This closure is temporary, pending a full review...