WordPress YouTube Gallery and Vimeo Gallery plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by tmrswrr in WordPress Plugin Video Gallery – YouTube Gallery versions = 2.4.2...

CVE-2024-10247 YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection

The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

WordPress Video Gallery - YouTube Gallery And Vimeo Gallery 2.3.6 SQL Injection Vulnerability

Exploit Title: Wordpress Video Gallery - YouTube Gallery and Vimeo Gallery Plugin SQL Injection Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://total-soft.com/wp-video-gallery/ Version 2.3.6 1. Access the Admin Panel: - Navigate to the admin panel of your WordPress site. - Go ...

WordPress YouTube Embed - YouTube Gallery, Vimeo Gallery - Wordpress Plugin Plugin <= 10.3 is vulnerable to Cross Site Scripting (XSS)

Software YouTube Embed - YouTube Gallery, Vimeo Gallery - Wordpress Plugin Type Plugin Vulnerable versions = 10.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Video Gallery - Vimeo and YouTub...