4 matches found
CVE-2022-4155
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges i.e. on multisite...
CVE-2022-4155
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges i.e. on multisite...
CVE-2022-4155 Contest Gallery < 19.1.5 - Admin+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges i.e. on multisite...
CVE-2022-4155
The CVE affects the Contest Gallery WordPress plugin (prior to 19.1.5.1) and Contest Gallery Pro (prior to 19.1.5.1). The issue arises from not escaping the wp_user_id GET parameter before concatenating it into an SQL query in management-show-user.php, enabling a user with administrator privilege...