2 matches found
CVE-2022-1282
The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $GET'imageurl' variable, which is reflected back to the users when executing the editimagebwg AJAX action...
CVE-2024-5442
Summary of CVE-2024-5442 (NextGEN Gallery) : The WordPress plugin NextGEN Gallery (versions before 3.59.3) contains sanitization/escaping flaws in settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., administrators) even when unfiltered_html is disallowed (such as in mult...