CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Valiano Unite Gallery Lite plugin, versions <= 1.7.61. The Unite Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 1.7.61 due to insufficient input sanitization and output escaping.
• https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-60-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via the galleryid or id parameters of wp-admin/admin.php.
• http://packetstormsecurity.com/files/132842
• https://wordpress.org/plugins/unite-gallery-lite/#developers
• https://wpvulndb.com/vulnerabilities/8113
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.
• http://packetstormsecurity.com/files/132842
• https://wordpress.org/plugins/unite-gallery-lite/#developers
• https://wpvulndb.com/vulnerabilities/8113
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.
• http://packetstormsecurity.com/files/132842
• https://wordpress.org/plugins/unite-gallery-lite/#developers
• https://wpvulndb.com/vulnerabilities/8113
• CWE-352: Cross-Site Request Forgery (CSRF)