Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:41 p.m.5 views

CVE-2022-4166

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4activate.php. This may allow malicious users with at least author privilege to leak sensitive informati...

6.5CVSS6.5AI score0.00854EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:39 p.m.5 views

CVE-2022-4156

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive...

7.5CVSS7.4AI score0.0092EPSS
Exploits2References1
OSV
OSV
added 2022/12/26 1:15 p.m.4 views

CVE-2022-4161

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopystart POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensiti...

6.5CVSS5.8AI score0.00854EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/12/26 12:0 a.m.8 views

PT-2022-25944 · WordPress · Contest Gallery Pro +1

Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue arises from the failure to escape the cg option id POST parameter before it is concatenated to ...

4.9CVSS5.1AI score0.00883EPSS
Exploits2References6
Rows per page
Query Builder