
CVE-2024-43207 – WordPress Unite Gallery Lite plugin <= 1.7.62 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-43207
09 Aug 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite. This issue affects Unite Gallery Lite: from n/a through 1.7.62. The Unite Gallery Lite plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7.62 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access... • https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-62-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-34183 – WordPress Unite Gallery Lite Plugin <= 1.7.61 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-34183
30 May 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions. The Unite Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and incl... • https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-60-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-33310 – WordPress Unite Gallery Lite plugin <= 1.7.59 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2023-33310
22 May 2023 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion. This issue affects Unite Gallery Lite: from n/a through 1.7.59. The Unite Gallery Lite plugin for Word... • https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-59-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2015-9446 – Unite Gallery Lite < 1.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-9446
25 Jul 2015 — The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. • http://packetstormsecurity.com/files/132842 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2015-9447 – Unite Gallery Lite < 1.5 - Cross-Site Request Forgery and SQL Injection
https://notcve.org/view.php?id=CVE-2015-9447
25 Jul 2015 — The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. • http://packetstormsecurity.com/files/132842 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2015-9445 – Unite Gallery Lite <= 1.4.6 - Cross-Site Request Forgery & Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2015-9445
25 Jul 2015 — The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. • http://packetstormsecurity.com/files/132842 • CWE-352: Cross-Site Request Forgery (CSRF)