18 matches found
CVE-2025-13621
The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...
WordPress dream gallery plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action vulnerability discovered by dayea song - Ahnlab in WordPress Plugin dream gallery versions = 1.0...
EUVD-2025-201380
The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2025-13621
The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2025-13621
CVE-2025-13621 affects the WordPress plugin dream gallery (versions up to 1.0). The vulnerability is a CSRF to Stored XSS via the dreampluginsmain AJAX action, enabling unauthenticated attackers to cause a site administrator to perform actions that update plugin settings and inject malicious scri...
CVE-2025-13621 dream gallery <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action
The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2025-13621 dream gallery <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action
The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...
PT-2025-49216
The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...
WordPress plugin dream gallery cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
Dream Gallery 2.0 Authentication Bypass
Dream Gallery 2.0 Admin panel Authentication bypass. Description: Attackers are able to completely compromise the web application built upon Dream Gallery as they can gain access to the admi...
Dream Gallery 2.0 - Admin Panel Authentication Bypass
Dream Gallery 2.0 - Admin Panel Authentication Bypass. Dream Gallery 2.0 Admin panel Authentication bypass. Description: Attackers are able to completely compromise the web application built...
Dream Gallery 2.0 - Admin Panel Authentication Bypass
Dream Gallery 2.0 Admin panel Authentication bypass. Description: Attackers are able to completely compromise the web application built upon Dream Gallery as they can gain access to the admi...
Dream Gallery 2.0 - Admin Panel Authentication Bypass
Exploit for php platform in category web applications. Dream Gallery 2.0 Admin panel Authentication bypass. Description: Attackers are able to completely compromise the web application built...
Dream Gallery 1.0 Cross Site Request Forgery
...
Dream Gallery 1.0 - Cross-Site Request Forgery (Add Admin)
Dream Gallery 1.0 - Cross-Site Request Forgery Add Admin...
Dream Gallery 1.0 - Cross-Site Request Forgery (Add Admin)
...
Dream Gallery 1.0 SQL Injection
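Dream Gallery is a photo album application from abroad. The album.php page shows different albums according to the value of the id parameter passed in; because the value of id is not filtered, there is an SQL injection, which can be used to obtain database names and so on. Analysis. Location of the affected file: query "select from albuns order by albumname asc" -fetchAll; if $db-rows = 1 $albuns = $db-data; foreach $albuns as $album $a = object $album; $db-query "select from fotos where fotoalbu...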
Dream Gallery 1.0 SQL Injection
SQL Injection on Dream Gallery v1.0 + Date: 10/01/2016 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: http://clareslab.com.br/ + Software Demo : http://clareslab.com.br/dream/ + Contact: [email protected] + Tested on: Windows 7 and GNU/Linux + Dork:...