3 matches found
CVE-2024-10247 YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection
The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2024-10247 YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection
The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2023-45069
CVE-2023-45069 affects Video Gallery – Best WordPress YouTube Gallery Plugin. It is an SQL Injection vulnerability caused by improper neutralization of input elements in the plugin’s SQL command path. Affected versions are reported from n/a through 2.1.3 (per NVD/Red Hat entries). The CVE has a h...