CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2223 – Image Slider <= 1.1.121 - Cross-Site Request Forgery to Post Duplication
https://notcve.org/view.php?id=CVE-2022-2223
The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such as clicking on a link. El plugin Image Slider de WordPress es vulnerable a un ataque de tipo Cross-Site Request Forgery en versiones hasta 1.1.121 incluyéndola, debido a que no es comprobada apropiadamente la existencia de un nonce en la función ewic_duplicate_slider. Esto hace posible que atacantes no autenticados dupliquen publicaciones o páginas existentes concedidas pueden engañar a un administrador del sitio para que lleve a cabo una acción como hacer clic en un enlace • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2749352%40image-slider-widget&new=2749352%40image-slider-widget&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/6356e226-a449-4cd0-be60-2a1c9c70aa59?source=cve https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2223 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2224 – Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication
https://notcve.org/view.php?id=CVE-2022-2224
The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such as clicking on a link. El plugin Gallery for Social Photo de WordPress es vulnerable a un ataque de tipo Cross-Site Request Forgery en versiones hasta 1.0.0.27 incluyéndola, debido a que no es comprobada apropiadamente la existencia de un nonce en la función gifeed_duplicate_feed. Esto hace posible que atacantes no autenticados dupliquen entradas o páginas existentes concedidas pueden engañar a un administrador del sitio para que lleve a cabo una acción como hacer clic en un enlace • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2749351%40feed-instagram-lite&new=2749351%40feed-instagram-lite&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/c6683edc-8c77-446c-bd7e-e97b8c5d0c57?source=cve https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2224 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-7386 – Gallery – Photo Albums Plugin < 1.3.47 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-7386
Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Media Subtitle fields. Múltiples vulnerabilidades de XSS en includes/metaboxes.php en el plugin Gallery - Photo Albums - Portfolio 1.3.47 en WordPress, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de los campos (1) Media Title o (2) Media Subtitle. • http://packetstormsecurity.com/files/133494/WordPress-Easy-Media-Gallery-1.3.47-Cross-Site-Scripting.html https://wpvulndb.com/vulnerabilities/8181 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •