9.8 CVSS
9.9 AI Score
0.001 EPSS
The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection is...
8.8 CVSS
9 AI Score
0.001 EPSS
The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.
6.1 CVSS
6.1 AI Score
0.001 EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions.
7.1 CVSS
5.9 AI Score
0.001 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.
8.8 CVSS
8.8 AI Score
0.001 EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection. This issue affects Photo Gallery by Ays: from n/a before 5.7.1.
5.5 CVSS
4.5 AI Score
0.0005 EPSS