2 matches found
CVE-2022-4163
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgdeactivate and cgactivate POST parameters before concatenating it to an SQL query in 2deactivate.php and 4activate.php, respectively. This may allow malicious users with ...
CVE-2022-4163
CVE-2022-4163 affects the Contest Gallery WordPress plugin (pre-19.1.5.1) and Contest Gallery Pro (pre-19.1.5.1). The root cause is failure to escape the cg_deactivate and cg_activate POST parameters before concatenating them into SQL queries in 2_deactivate.php and 4_activate.php, enabling a use...