2 matches found
CVE-2022-4152 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pro WordPress plugin before 19.1.5 do not escape the optionid POST parameter before concatenating it to an SQL query in edit-options.php. This may allow malicious users with at least author privilege to leak sensitive information...
CVE-2022-4152
Contest Gallery WordPress plugin < 19.1.5 and Contest Gallery Pro