90 matches found
WordPress plugin WordPress Gallery Plugin – Limb Image Gallery 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WordPress...
PT-2024-33399 · WordPress · Wordpress Gallery Plugin
Name of the Vulnerable Software and Affected Versions: Limb WordPress Gallery Plugin – Limb Image Gallery versions 1.5.7 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, allowing Code Injection in the Limb Image Gallery Plugin. This enables...
PT-2024-33396 · WordPress · Wordpress Gallery Plugin
Name of the Vulnerable Software and Affected Versions: Limb WordPress Gallery Plugin – Limb Image Gallery versions 1.5.7 and earlier Description: The issue is a Path Traversal vulnerability, specifically a '.../...//' vulnerability. This problem affects the Limb WordPress Gallery Plugin, allowing...
CVE-2024-9018
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...
CVE-2024-9018 WP Easy Gallery <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...
CVE-2024-9018 WP Easy Gallery <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...
WordPress Gallery Lightbox Plugin <= 1.0.0.39 is vulnerable to Cross Site Scripting (XSS)
Software Gallery Lightbox Type Plugin Vulnerable versions = 1.0.0.39 Fixed in 1.0.0.41 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47623 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID aa874a6fe1b7 Credits Robert DeVore Required privileg...
CVE-2024-8437 WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulation
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpegsettings and wpegaddgallery in all versions up to, and including, 4.8.5. This makes it possible for authenticate...
PT-2024-39012 · WordPress · Wp Easy Gallery
Name of the Vulnerable Software and Affected Versions: The WP Easy Gallery – WordPress Gallery Plugin versions up to, and including, 4.8.5 Description: The issue allows authenticated attackers with subscriber-level access and above to perform SQL Injection via the edit imageId and edit imageDelet...
WordPress Contest Gallery Plugin <= 23.1.2 is vulnerable to Sensitive Data Exposure
Software Contest Gallery Type Plugin Vulnerable versions = 23.1.2 Fixed in 23.1.3 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-43283 Patch priority Low CVSS severity Low 5.3 Developer Wasiliy Strecker PSID 7195b9ccc688 Credits Joshu...
CVE-2024-5424
The Gallery Blocks with Lightbox. Image Gallery, HTML5 video , YouTube, Vimeo Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘galleryID’ and 'className' parameters in all versions up to, and including, 3.2.1 due to...
CVE-2024-5424 Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters
The Gallery Blocks with Lightbox. Image Gallery, HTML5 video , YouTube, Vimeo Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘galleryID’ and 'className' parameters in all versions up to, and including, 3.2.1 due to...
Album Gallery – WordPress Gallery < 1.5.8 - Missing Authorization
Description The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxalbumgallery and agsavesettings functions in versions up to, and including, 1.5.7. This makes it possible for authenticated...
CVE-2024-35720 WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7...
CVE-2024-35720
CVE-2024-35720 concerns the Album Gallery – WordPress Gallery plugin for WordPress, with affected versions listed as n/a through 1.5.7. The initial record characterizes the issue as a Missing Authorization vulnerability. The NVD CVSS data in the document set indicates a high impact (C/H, I/H, A/H...
PT-2024-26671 · WordPress · Album Gallery – Wordpress Gallery
Name of the Vulnerable Software and Affected Versions: Album Gallery – WordPress Gallery versions 1.5.7 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Album Gallery – WordPress Gallery plugin. This vulnerability affects the plugin's functionality,...
CVE-2024-35750 WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3...
WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Responsive Image Gallery, Gallery Album versions = 2.0.3...
PT-2024-23985 · WordPress · Wordpress Gallery Exporter
Name of the Vulnerable Software and Affected Versions: WordPress Gallery Exporter versions 1.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in the WPcloudgallery WordPress Gallery Exporter. This vulnerability affects the WordPress Gallery Exporter plugin...
WordPress Gallery Exporter plugin <= 1.3 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Abdi Prawira Negara Patchstack Alliance in WordPress Plugin WordPress Gallery Exporter versions = 1.3...