4 matches found
CVE-2022-4165
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author...
CVE-2022-4165 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author...
CVE-2022-4165 Contest Gallery < 19.1.5 - Author+ SQL Injection
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgorder POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author...
CVE-2022-4165
CVE-2022-4165 affects the Contest Gallery WordPress plugin (prior to 19.1.5.1) and Contest Gallery Pro (prior to 19.1.5.1). The root cause is failure to escape the cg_order POST parameter before concatenating it into an SQL query in order-custom-fields-with-and-without-search.php, enabling a user...