31 matches found
EUVD-2024-47092
Malicious code in bioql PyPI...
EUVD-2024-32161
Malicious code in bioql PyPI...
EUVD-2022-30263
Malicious code in bioql PyPI...
CVE-2024-3581
The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the addmedialibraryimagestogallery function in all versions up to, and including, 6.4.2. This makes it possible for authenticated attackers, with subscriber access or above, to...
CVE-2024-5970
The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallerythumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-5970
CVE-2024-5970 applies to the MaxGalleria WordPress plugin. It is a Stored XSS vulnerability in the maxgallery_thumb shortcode, affecting all versions up to and including 6.4.4. The issue stems from insufficient input sanitization and output escaping on user-supplied attributes, allowing an attack...
CVE-2024-5970 MaxGalleria <= 6.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via maxgallery_thumb Shortcode
The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallerythumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-5970 MaxGalleria <= 6.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via maxgallery_thumb Shortcode
The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallerythumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress MaxGalleria plugin <= 6.4.4 - Authenticated Stored Cross-Site Scripting vulnerability
Authenticated Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin MaxGalleria versions = 6.4.4...
WordPress MaxGalleria Plugin <= 6.4.4 is vulnerable to Cross Site Scripting (XSS)
Software MaxGalleria Type Plugin Vulnerable versions = 6.4.4 Fixed in 6.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5970 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 847e5197a4f5 Credits Peter Thaleikis Required...
WordPress Plugin MaxGalleria Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-3581
The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the addmedialibraryimagestogallery function in all versions up to, and including, 6.4.2. This makes it possible for authenticated attackers, with subscriber access or above, to...
CVE-2024-3581
CVE-2024-3581 affects the MaxGalleria WordPress plugin. The issue is an unauthorized image upload flaw caused by a missing capability check in add_media_library_images_to_gallery, affecting all versions up to and including 6.4.2. Exploitation requires authentication with at least Subscriber privi...
CVE-2024-3581 MaxGalleria <= 6.4.2 - Missing Authorization
The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the addmedialibraryimagestogallery function in all versions up to, and including, 6.4.2. This makes it possible for authenticated attackers, with subscriber access or above, to...
CVE-2024-3581 MaxGalleria <= 6.4.2 - Missing Authorization
The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the addmedialibraryimagestogallery function in all versions up to, and including, 6.4.2. This makes it possible for authenticated attackers, with subscriber access or above, to...
PT-2024-26749 · WordPress · Maxgalleria
Name of the Vulnerable Software and Affected Versions: MaxGalleria plugin for WordPress versions up to, and including, 6.4.2 Description: The issue is related to unauthorized image upload due to a missing capability check on the add media library images to gallery function. This allows...
WordPress plugin MaxGalleria 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress MaxGalleria plugin <= 6.4.2 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Lucio Sá in WordPress Plugin MaxGalleria versions = 6.4.2...
WordPress MaxGalleria Plugin <= 6.4.2 is vulnerable to Broken Access Control
Software MaxGalleria Type Plugin Vulnerable versions = 6.4.2 Fixed in 6.4.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3581 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a2a4b94effe0 Credits Lucio Sá Required privilege...
MaxGalleria < 6.4.3 - Missing Authorization
Description The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the addmedialibraryimagestogallery function in all versions up to, and including, 6.4.2. This makes it possible for authenticated attackers, with subscriber access or...