761 matches found
WordPress zm-gallery plugin 1.0 SQL Injection
zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection via the order parameter. id: CVE-2016-10940 info: name: WordPress zm-gallery plugin 1.0 SQL Injection author: cckuailong,daffainfo severity: high description: zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection vi...
WordPress Document Gallery plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Document Gallery versions = 5.1.0...
CVE-2026-57662
The CVE-2026-57662 entry concerns the WordPress Contest Gallery plugin (versions up to and including 30.0.0). The connected documents confirm a SQL Injection vulnerability affecting this plugin, tied to Contest Gallery
CVE-2026-57662 WordPress Contest Gallery plugin <= 30.0.0 - SQL Injection vulnerability
Contributor SQL Injection in Contest Gallery = 30.0.0 versions...
CVE-2026-57642
The CVE-2026-57642 entry documents a Contributor SQL Injection in the WordPress Gallery plugin, affected in versions up to 4.7.8. The vulnerability targets the Gallery plugin’s SQL queries (contributor-related flow) and is tracked with CVSS 3.1: Network attack vector, low attack complexity, privi...
CVE-2026-57642 WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability
Contributor SQL Injection in Gallery = 4.7.8 versions...
WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Gallery versions = 4.7.8...
EUVD-2026-37586
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...
CVE-2026-12165
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...
CVE-2026-12165 Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...
CVE-2026-42660
CVE-2026-42660 affects the WordPress Contest Gallery plugin up to version 28.1.7 . The issue is described as a Sensitive Data Exposure impacting subscribers. Documents provide the vulnerability label and affected version but do not include root cause specifics, exploit details, or concrete remedi...
CVE-2026-42660 WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...
CVE-2026-42657 WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability
Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...
CVE-2026-42656 WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in Contest Gallery = 28.1.6 versions...
CVE-2026-42657 WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability
Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...
CVE-2026-40771 WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...
CVE-2026-1291 Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation
The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...
CVE-2026-9134 Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter
The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributekey' shortcode parameter in versions up to, and including, 3.1.31 This is due to an incomplete JavaScript event handler blacklist in the foogallerysanitizejavascript function, which blocks onl...
PT-2026-47144
Name of the Vulnerable Software and Affected Versions The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions prior to 1.8.42 Description Insufficient escaping of user-supplied parameters and lack of proper preparation of SQL queries allow authenticated attackers...
PT-2026-46858
Summary AVideo stores category descriptions from user input and later renders category description as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes when another user views the affected Gallery/category page...