Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:34 a.m.10 views

CVE-2022-4155

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges i.e. on multisite...

4.9CVSS6.8AI score0.00846EPSS
Exploits2References1
NVD
NVD
added 2022/12/26 1:15 p.m.25 views

CVE-2022-4155

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges i.e. on multisite...

4.9CVSS0.00846EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/12/26 12:27 p.m.23 views

CVE-2022-4155 Contest Gallery < 19.1.5 - Admin+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wpuserid GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges i.e. on multisite...

5.5AI score0.00846EPSS
Exploits2References2
CVE
CVE
added 2022/12/26 12:27 p.m.75 views

CVE-2022-4155

The CVE affects the Contest Gallery WordPress plugin (prior to 19.1.5.1) and Contest Gallery Pro (prior to 19.1.5.1). The issue arises from not escaping the wp_user_id GET parameter before concatenating it into an SQL query in management-show-user.php, enabling a user with administrator privilege...

4.9CVSS5.1AI score0.00846EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder