WordPress BNE Gallery Extended plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via gallery Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via gallery Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin BNE Gallery Extended versions <= 1.2.1...
PT-2024-24985 · WordPress · rtMedia for WordPress
Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress versions up to, and including, 4.6.18 Description: The issue allows authenticated attackers with contributor-level access and above to perform blind SQL Injection via the...
CVE-2021-24465
The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode available for users as low as Contributor before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned...