6 matches found

Prion
added 2022/12/26 1:15 p.m. · 18 views

Cross site request forgery (csrf)

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgoptionid POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges i.e. on multisite...

CVSS 3.3 · AI score 5.2 · EPSS 0.00883
Exploits 2 · References 2 · Affected Software 1

Vulnrichment
added 2022/12/26 12:28 p.m. · 4 views

CVE-2022-4162 Contest Gallery < 19.1.5 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgrow POST parameter before concatenating it to an SQL query in 3row-order.php. This may allow malicious users with at least author privilege to leak sensitive information...

AI score 6.8 · EPSS 0.00854
Exploits 2 · References 2

Vulnrichment
added 2022/12/26 12:28 p.m. · 6 views

CVE-2022-4164 Contest Gallery < 19.1.5 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgmultiplefilesforpost POST parameter before concatenating it to an SQL query in 0change-gallery.php. This may allow malicious users with at least author privilege to leak...

AI score 6.8 · EPSS 0.00854
Exploits 2 · References 2

Cvelist
added 2022/12/26 12:28 p.m. · 24 views

CVE-2022-4166 Contest Gallery < 19.1.5 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4activate.php. This may allow malicious users with at least author privilege to leak sensitive informati...

AI score 6.7 · EPSS 0.00854
Exploits 2 · References 2

CVE
added 2022/12/26 12:28 p.m. · 66 views

CVE-2022-4158

The CVE-2022-4158 entry concerns the Contest Gallery WordPress plugin (versions prior to 19.1.5.1) and Contest Gallery Pro (prior to 19.1.5.1). The vulnerability arises from failing to escape the cg_Fields POST parameter before concatenating it into an SQL query within users-registry-check-regist...

CVSS 7.5 · AI score 7.4 · EPSS 0.00882
Exploits 2 · References 2 · Affected Software 1

Positive Technologies
added 2022/12/26 12:0 a.m. · 5 views

PT-2022-25930 · WordPress · Contest Gallery Pro +1

Name of the Vulnerable Software and Affected Versions:
Contest Gallery WordPress plugin versions prior to 19.1.5.1
Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1

Description: The issue arises from the failure to escape the wp user id GET parameter before it is concatenated to an...

CVSS 4.9 · AI score 5 · EPSS 0.00846
Exploits 2 · References 7