5 matches found
CVE-2024-10247
The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2024-10247
creationtimestamp| type| source ---|---|--- 2024-12-06 03:41:01+00:00| seen| https://infosec.exchange/users/cve/statuses/113603802589938190 2024-12-06 06:25:05+00:00| seen| https://t.me/cvedetector/12167...
CVE-2024-10247
CVE-2024-10247 affects the WordPress plugin Video Gallery – YouTube Gallery and Vimeo Gallery up to version 2.4.2. The issue is a time-based SQL Injection caused by insufficient escaping of the user-supplied parameter in the orderby clause, allowing an authenticated attacker with Administrator-le...
CVE-2024-10247 YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection
The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2024-10247 YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection
The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...