Lucene search
K

34 matches found

Cvelist
Cvelist
added 2024/10/12 5:39 a.m.20 views

CVE-2024-9776 ImagePress - Image Gallery <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

4.4CVSS0.00328EPSS
Exploits0References3
CVE
CVE
added 2024/10/12 5:39 a.m.93 views

CVE-2024-9776

CVE-2024-9776 refers to a stored cross-site scripting vulnerability in the WordPress plugin ImagePress – Image Gallery (versions

4.8CVSS4.6AI score0.00328EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/10/12 5:39 a.m.18 views

CVE-2024-9824 ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update

The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ipdeletepost' and 'ipupdateposttitle' functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers...

4.3CVSS0.00322EPSS
Exploits0References4
CVE
CVE
added 2024/10/12 5:39 a.m.48 views

CVE-2024-9824

The ImagePress – Image Gallery WordPress plugin is affected up to version 1.2.2 by a Broken Access Control issue: missing capability checks on ip_delete_post and ip_update_post_title allow authenticated users with Subscriber+ rights to delete arbitrary posts and change post titles. Public details...

4.3CVSS4.8AI score0.00322EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/10/12 5:39 a.m.5 views

CVE-2024-9824 ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update

The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ipdeletepost' and 'ipupdateposttitle' functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers...

4.3CVSS6.6AI score0.00322EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/10/12 5:39 a.m.11 views

CVE-2024-9778 ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...

4.3CVSS6.5AI score0.00232EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/10/12 5:39 a.m.24 views

CVE-2024-9778 ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...

4.3CVSS0.00232EPSS
Exploits0References7
CVE
CVE
added 2024/10/12 5:39 a.m.100 views

CVE-2024-9778

CVE-2024-9778 (ImagePress – Image Gallery for WordPress) : CSRF vulnerability in ImagePress versions

4.3CVSS4.7AI score0.00232EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2024/10/12 12:0 a.m.5 views

WordPress plugin ImagePress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.4AI score0.00322EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/12 12:0 a.m.4 views

WordPress plugin ImagePress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS5.9AI score0.00328EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/12 12:0 a.m.4 views

PT-2024-39834 · WordPress · The Imagepress – Image Gallery

Name of the Vulnerable Software and Affected Versions: The ImagePress – Image Gallery plugin for WordPress versions up to, and including, 1.2.2 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allo...

4.8CVSS5.9AI score0.00328EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/10/12 12:0 a.m.6 views

PT-2024-39868 · WordPress · The Imagepress – Image Gallery

Name of the Vulnerable Software and Affected Versions: The ImagePress – Image Gallery plugin for WordPress versions prior to 1.2.3 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without authorization. This is due to a missing capability...

4.3CVSS6.9AI score0.00322EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/10/12 12:0 a.m.8 views

PT-2024-39836 · WordPress · Imagepress

Name of the Vulnerable Software and Affected Versions: ImagePress – Image Gallery plugin for WordPress versions up to, and including, 1.2.2 Description: The issue is due to missing or incorrect nonce validation on the imagepress admin page function, making it possible for unauthenticated attacker...

4.3CVSS6.5AI score0.00232EPSS
Exploits0References12
CNNVD
CNNVD
added 2024/10/12 12:0 a.m.4 views

WordPress plugin ImagePress 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...

4.3CVSS6.6AI score0.00232EPSS
Exploits0References7
Rows per page
Query Builder