CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36891 – WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change
https://notcve.org/view.php?id=CVE-2021-36891
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el plugin Photo Gallery by Supsystic versiones anteriores a 1.15.5 incluyéndola, en WordPress que permite cambiar la configuración del plugin • https://patchstack.com/database/vulnerability/gallery-by-supsystic/wordpress-photo-gallery-by-supsystic-plugin-1-15-5-cross-site-request-forgery-csrf-leading-to-plugin-settings-change https://wordpress.org/plugins/gallery-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10918 – Photo Gallery by Supsystic <= 1.8.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2016-10918
The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. El plugin gallery-by-supsystic versiones anteriores a 1.8.6 para WordPress, presenta una vulnerabilidad de tipo CSRF. The Photo Gallery by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.5. This is due to missing or incorrect nonce validation on the 'updateAttachment' action. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wordpress.org/plugins/gallery-by-supsystic/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •