Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:48 a.m.8 views

CVE-2022-4160

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopyid POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privileg...

6.5CVSS6.8AI score0.00911EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/12/26 12:28 p.m.10 views

CVE-2022-4160 Contest Gallery < 19.1.5 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopyid POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privileg...

6.8AI score0.00911EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/12/26 12:28 p.m.30 views

CVE-2022-4160 Contest Gallery < 19.1.5 - Author+ SQL Injection

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopyid POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privileg...

6.7AI score0.00911EPSS
Exploits2References2
CVE
CVE
added 2022/12/26 12:28 p.m.87 views

CVE-2022-4160

Summary: CVE-2022-4160 affects Contest Gallery WordPress plugins prior to 19.1.5.1 (Community) and Contest Gallery Pro prior to 19.1.5.1. The root cause is failure to escape the cg_copy_id POST parameter before concatenating it into SQL queries inside cg-copy-comments.php and cg-copy-rating.php, ...

6.5CVSS6.5AI score0.00911EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder