WordPress Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.15 - Authenticated (Subscriber+) Limited Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Limited Server-Side Request Forgery vulnerability discovered by shaman0x01 in WordPress Plugin Photo Gallery Slideshow & Masonry Tiled Gallery versions = 1.0.15...

PT-2025-1788 · WordPress · The Photo Gallery Slideshow & Masonry Tiled Gallery

Name of the Vulnerable Software and Affected Versions: The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress versions up to, and including, 1.0.15 Description: The issue allows authenticated attackers with Subscriber-level access and above to make web requests to arbitrary...

WordPress plugin Photo Gallery Slideshow & Masonry Tiled Gallery 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the...

CVE-2019-25218

The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

WordPress plugin Photo Gallery Slideshow & Masonry Tiled Gallery SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

WordPress Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.3 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by Ala Arfaoui in WordPress Plugin Photo Gallery Slideshow & Masonry Tiled Gallery versions = 1.0.3...

WordPress Photo Gallery Slideshow & Masonry Tiled Gallery Plugin <= 1.0.3 is vulnerable to SQL Injection

Software Photo Gallery Slideshow & Masonry Tiled Gallery Type Plugin Vulnerable versions = 1.0.3 Fixed in 1.0.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2019-25218 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 6b8bcb14a865 Credits Ala Arfaoui...

CVE-2023-41658

CVE-2023-41658 affects the WordPress plugin “Photo Gallery Slideshow & Masonry Tiled Gallery” versions 1.0.13 (patches indicate 1.0.14 fixes) or disable the plugin as a workaround. No exploitation details or in-the-wild exploit status are provided in the supplied documents. Additional context fr...

WordPress Plugin Photo Gallery Slideshow & Masonry Tiled Gallery Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

Photo Gallery Slideshow & Masonry Tiled Gallery < 1.0.14 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress Photo Gallery Slideshow & Masonry Tiled Gallery Plugin <= 1.0.13 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery Slideshow & Masonry Tiled Gallery Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-41658 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

PT-2023-19363 · WordPress · The Photo Gallery Slideshow & Masonry Tiled Gallery

Name of the Vulnerable Software and Affected Versions: The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress versions up to, and including, 1.0.13 Description: The issue arises from insufficient input sanitization and output escaping, making it possible for unauthenticated...