4 matches found
CVE-2022-4156
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive...
CVE-2022-4156
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive...
CVE-2022-4156 Contest Gallery < 19.1.5.1 - Unauthenticated SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the userid POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive...
CVE-2022-4156
The CVE-2022-4156 issue affects Contest Gallery WordPress plugin versions prior to 19.1.5.1 (and Contest Gallery Pro before 19.1.5.1). The root cause is failure to escape the user_id POST parameter before concatenating it into an SQL query in ajax-functions-backend.php, enabling an unauthenticate...