Lucene search
+L

90 matches found

CNNVD
CNNVD
added 2024/10/16 12:0 a.m.6 views

WordPress plugin WordPress Gallery Plugin – Limb Image Gallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WordPress...

6.5CVSS6.6AI score0.00521EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/16 12:0 a.m.8 views

PT-2024-33399 · WordPress · Wordpress Gallery Plugin

Name of the Vulnerable Software and Affected Versions: Limb WordPress Gallery Plugin – Limb Image Gallery versions 1.5.7 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, allowing Code Injection in the Limb Image Gallery Plugin. This enables...

9.9CVSS7.5AI score0.00482EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/10/16 12:0 a.m.9 views

PT-2024-33396 · WordPress · Wordpress Gallery Plugin

Name of the Vulnerable Software and Affected Versions: Limb WordPress Gallery Plugin – Limb Image Gallery versions 1.5.7 and earlier Description: The issue is a Path Traversal vulnerability, specifically a '.../...//' vulnerability. This problem affects the Limb WordPress Gallery Plugin, allowing...

6.5CVSS6.9AI score0.00521EPSS
Exploits0References5
NVD
NVD
added 2024/10/01 9:15 a.m.9 views

CVE-2024-9018

The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...

8.8CVSS0.00498EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/01 8:30 a.m.23 views

CVE-2024-9018 WP Easy Gallery <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter

The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...

8.8CVSS0.00498EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/01 8:30 a.m.12 views

CVE-2024-9018 WP Easy Gallery <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter

The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...

8.8CVSS7.3AI score0.00498EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/09/30 12:0 a.m.9 views

WordPress Gallery Lightbox Plugin <= 1.0.0.39 is vulnerable to Cross Site Scripting (XSS)

Software Gallery Lightbox Type Plugin Vulnerable versions = 1.0.0.39 Fixed in 1.0.0.41 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47623 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID aa874a6fe1b7 Credits Robert DeVore Required privileg...

5.9CVSS6.5AI score0.00246EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/24 7:30 a.m.12 views

CVE-2024-8437 WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulation

The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpegsettings and wpegaddgallery in all versions up to, and including, 4.8.5. This makes it possible for authenticate...

4.3CVSS6.5AI score0.0028EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/24 12:0 a.m.9 views

PT-2024-39012 · WordPress · Wp Easy Gallery

Name of the Vulnerable Software and Affected Versions: The WP Easy Gallery – WordPress Gallery Plugin versions up to, and including, 4.8.5 Description: The issue allows authenticated attackers with subscriber-level access and above to perform SQL Injection via the edit imageId and edit imageDelet...

9.9CVSS7.8AI score0.00483EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/08/16 12:0 a.m.11 views

WordPress Contest Gallery Plugin <= 23.1.2 is vulnerable to Sensitive Data Exposure

Software Contest Gallery Type Plugin Vulnerable versions = 23.1.2 Fixed in 23.1.3 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2024-43283 Patch priority Low CVSS severity Low 5.3 Developer Wasiliy Strecker PSID 7195b9ccc688 Credits Joshu...

7.5CVSS6.6AI score0.01104EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/06/28 9:15 a.m.3 views

CVE-2024-5424

The Gallery Blocks with Lightbox. Image Gallery, HTML5 video , YouTube, Vimeo Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘galleryID’ and 'className' parameters in all versions up to, and including, 3.2.1 due to...

6.4CVSS6.1AI score0.0047EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/06/28 8:33 a.m.29 views

CVE-2024-5424 Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters

The Gallery Blocks with Lightbox. Image Gallery, HTML5 video , YouTube, Vimeo Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘galleryID’ and 'className' parameters in all versions up to, and including, 3.2.1 due to...

6.4CVSS0.0047EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.15 views

Album Gallery – WordPress Gallery < 1.5.8 - Missing Authorization

Description The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxalbumgallery and agsavesettings functions in versions up to, and including, 1.5.7. This makes it possible for authenticated...

8.8CVSS6.4AI score0.00356EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/06/10 7:59 a.m.36 views

CVE-2024-35720 WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7...

4.3CVSS0.00356EPSS
Exploits0References1
CVE
CVE
added 2024/06/10 7:59 a.m.59 views

CVE-2024-35720

CVE-2024-35720 concerns the Album Gallery – WordPress Gallery plugin for WordPress, with affected versions listed as n/a through 1.5.7. The initial record characterizes the issue as a Missing Authorization vulnerability. The NVD CVSS data in the document set indicates a high impact (C/H, I/H, A/H...

8.8CVSS5.6AI score0.00356EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/10 12:0 a.m.8 views

PT-2024-26671 · WordPress · Album Gallery – Wordpress Gallery

Name of the Vulnerable Software and Affected Versions: Album Gallery – WordPress Gallery versions 1.5.7 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Album Gallery – WordPress Gallery plugin. This vulnerability affects the plugin's functionality,...

8.8CVSS6.5AI score0.00356EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/06/08 12:37 p.m.24 views

CVE-2024-35750 WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3...

8.5CVSS7.7AI score0.00441EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/06/06 6:59 p.m.6 views

WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Responsive Image Gallery, Gallery Album versions = 2.0.3...

8.8CVSS8.1AI score0.00441EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.12 views

PT-2024-23985 · WordPress · Wordpress Gallery Exporter

Name of the Vulnerable Software and Affected Versions: WordPress Gallery Exporter versions 1.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in the WPcloudgallery WordPress Gallery Exporter. This vulnerability affects the WordPress Gallery Exporter plugin...

6.5CVSS9.3AI score0.00549EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/04/05 11:7 a.m.7 views

WordPress Gallery Exporter plugin <= 1.3 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Abdi Prawira Negara Patchstack Alliance in WordPress Plugin WordPress Gallery Exporter versions = 1.3...

6.5CVSS7AI score0.00549EPSS
Exploits0Affected Software1
Rows per page
Query Builder