CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SQL injection vulnerability in the editgallery function in admin/galleryfunc.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php...

6.5CVSS8.4AI score0.01272EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 1:32 a.m.•3 views

CVE-2016-11018

An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is hugeitimagegalleryajaxcallback...

9.8CVSS8AI score0.01421EPSS

Exploits1References1

NVD•added 2020/02/08 6:15 p.m.•12 views

CVE-2015-2062

Multiple SQL injection vulnerabilities in the Huge-IT Slider slider-image plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popupposts or editcat action in the slidershugeitslider page to wp-admin/admin.php...

7.2CVSS7.8AI score0.00897EPSS

Exploits3References4

Prion•added 2020/02/08 6:15 p.m.•13 views

Sql injection

6.5CVSS9.2AI score0.00897EPSS

Exploits3References4Affected Software1

CVE•added 2020/02/08 5:8 p.m.•158 views

CVE-2015-2062

The CVE-2015-2062 entry documents SQL injection vulnerabilities in the Huge IT Slider WordPress Plugin (slider-image) up to version 2.7.0. The underlying flaw is insufficient input filtering of the removeslide parameter used by task=popup_posts or task=edit_cat on the sliders_huge_it_slider page,...

7.2CVSS7.7AI score0.00897EPSS

Exploits3References4Affected Software1