34 matches found
CVE-2024-9776 ImagePress - Image Gallery <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2024-9776
CVE-2024-9776 refers to a stored cross-site scripting vulnerability in the WordPress plugin ImagePress – Image Gallery (versions
CVE-2024-9824 ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update
The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ipdeletepost' and 'ipupdateposttitle' functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers...
CVE-2024-9824
The ImagePress – Image Gallery WordPress plugin is affected up to version 1.2.2 by a Broken Access Control issue: missing capability checks on ip_delete_post and ip_update_post_title allow authenticated users with Subscriber+ rights to delete arbitrary posts and change post titles. Public details...
CVE-2024-9824 ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update
The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ipdeletepost' and 'ipupdateposttitle' functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers...
CVE-2024-9778 ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...
CVE-2024-9778 ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...
CVE-2024-9778
CVE-2024-9778 (ImagePress – Image Gallery for WordPress) : CSRF vulnerability in ImagePress versions
WordPress plugin ImagePress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin ImagePress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-39834 · WordPress · The Imagepress – Image Gallery
Name of the Vulnerable Software and Affected Versions: The ImagePress – Image Gallery plugin for WordPress versions up to, and including, 1.2.2 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allo...
PT-2024-39868 · WordPress · The Imagepress – Image Gallery
Name of the Vulnerable Software and Affected Versions: The ImagePress – Image Gallery plugin for WordPress versions prior to 1.2.3 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without authorization. This is due to a missing capability...
PT-2024-39836 · WordPress · Imagepress
Name of the Vulnerable Software and Affected Versions: ImagePress – Image Gallery plugin for WordPress versions up to, and including, 1.2.2 Description: The issue is due to missing or incorrect nonce validation on the imagepress admin page function, making it possible for unauthenticated attacker...
WordPress plugin ImagePress 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...