4 matches found
CVE-2022-4160
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopyid POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privileg...
CVE-2022-4160 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopyid POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privileg...
CVE-2022-4160 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopyid POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php. This may allow malicious users with at least author privileg...
CVE-2022-4160
Summary: CVE-2022-4160 affects Contest Gallery WordPress plugins prior to 19.1.5.1 (Community) and Contest Gallery Pro prior to 19.1.5.1. The root cause is failure to escape the cg_copy_id POST parameter before concatenating it into SQL queries inside cg-copy-comments.php and cg-copy-rating.php, ...