6 results (0.004 seconds)

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite.This issue affects Unite Gallery Lite: from n/a through 1.7.62. The Unite Gallery Lite plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7.62 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-62-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en el plugin Unite Gallery Lite de Valiano que afecta a las versiones 1.7.61 e inferiores. Para explotar esta vulnerabilidad hace falta estar autenticado y tener permisos de administrador o superior. The Unite Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 1.7.61 due to insufficient input sanitization and output escaping. • https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-60-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion.This issue affects Unite Gallery Lite: from n/a through 1.7.59. La limitación incorrecta de un nombre de ruta a una vulnerabilidad de directorio restringido ("Path Traversal") en Valiano Unite Gallery Lite permite la inclusión de archivos locales PHP. Este problema afecta a Unite Gallery Lite: desde n/a hasta 1.7.59. The Unite Gallery Lite plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.7.59 via the 'view' parameter. This allows authenticated attackers with administrator-level privileges to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. • https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-59-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. El plugin unite-gallery-lite versiones anteriores a 1.5 para WordPress, presenta una vulnerabilidad de tipo CSRF y una inyección SQL por medio de los parámetros galleryid o id del archivo wp-admin/admin.php. • http://packetstormsecurity.com/files/132842 https://wordpress.org/plugins/unite-gallery-lite/#developers https://wpvulndb.com/vulnerabilities/8113 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. El plugin unite-gallery-lite versiones anteriores a 1.5 para WordPress, presenta una inyección SQL por medio del parámetro data[galleryID] en el archivo wp-admin/admin-ajax.php. • http://packetstormsecurity.com/files/132842 https://wordpress.org/plugins/unite-gallery-lite/#developers https://wpvulndb.com/vulnerabilities/8113 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •