CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36891 – WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change
https://notcve.org/view.php?id=CVE-2021-36891
15 Jun 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el plugin Photo Gallery by Supsystic versiones anteriores a 1.15.5 incluyéndola, en WordPress que permite cambiar la configuración del plugin • https://patchstack.com/database/vulnerability/gallery-by-supsystic/wordpress-photo-gallery-by-supsystic-plugin-1-15-5-cross-site-request-forgery-csrf-leading-to-plugin-settings-change • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10918 – Photo Gallery by Supsystic <= 1.8.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2016-10918
15 Aug 2016 — The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. El plugin gallery-by-supsystic versiones anteriores a 1.8.6 para WordPress, presenta una vulnerabilidad de tipo CSRF. The Photo Gallery by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.5. This is due to missing or incorrect nonce validation on the 'updateAttachment' action. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged req... • https://wordpress.org/plugins/gallery-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •