3 matches found
CVE-2022-4154
The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges i.e. on multisite WordPress configurations to leak sensitive...
CVE-2022-4154 Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection
The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges i.e. on multisite WordPress configurations to leak sensitive...
CVE-2022-4154
The CVE-2022-4154 entry concerns the Contest Gallery Pro WordPress plugin prior to 19.1.5, where management-show-user.php does not escape the wp_user_id GET parameter before concatenating it into an SQL query. This SQL injection could allow malicious users with administrator privileges (e.g., on ...