
CVE-2024-34424 – WordPress Featured Content Gallery plugin <= 3.2.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34424
06 May 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iePlexus Featured Content Gallery allows Stored XSS. This issue affects Featured Content Gallery: from n/a through 3.2.0. The Featured Content Gall... • https://patchstack.com/database/vulnerability/featured-content-gallery/wordpress-featured-content-gallery-plugin-3-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-34382 – WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.18 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-34382
03 May 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery. This issue affects Robo Gallery: from n/a through 3.2.18. The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.18. This makes it po... • https://patchstack.com/database/vulnerability/robo-gallery/wordpress-photo-gallery-images-slider-in-rbs-image-gallery-plugin-3-2-18-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2024-34377 – WordPress Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery plugin <= 1.5.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-34377
03 May 2024 — Missing Authorization vulnerability in A WP Life Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery. This issue affects Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery: from n/a through 1.5.3. The Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery plugin for Wo... • https://patchstack.com/database/vulnerability/new-video-gallery/wordpress-video-gallery-api-gallery-youtube-and-vimeo-link-gallery-plugin-1-5-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVE-2024-4234 – WordPress Filterable Portfolio plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-4234
26 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayful Islam Filterable Portfolio allows Stored XSS. This issue affects Filterable Portfolio: from n/a through 1.6.4. The Filterable Portfolio plugin for WordPr... • https://patchstack.com/database/vulnerability/filterable-portfolio/wordpress-filterable-portfolio-plugin-1-6-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-33586 – WordPress Photo Gallery by 10Web plugin <= 1.8.20 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33586
25 Apr 2024 — Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web. This issue affects Photo Gallery by 10Web: from n/a through 1.8.20. The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8... • https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-20-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVE-2024-32778 – WordPress Contest Gallery plugin <= 21.3.4 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-32778
22 Apr 2024 — Missing Authorization vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 21.3.4. The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including,... • https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-3-4-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVE-2024-32433 – WordPress BEAF plugin <= 4.5.4 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32433
12 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Themefic BEAF. This issue affects BEAF: from n/a through 4.5.4. The BEAF plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.4. This is due to missing or incorrect nonce validation on the bafg_new_feature_notice_dismissed() function. • https://patchstack.com/database/vulnerability/beaf-before-and-after-gallery/wordpress-beaf-plugin-4-5-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-32109 – WordPress WP Matterport Shortcode plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32109
11 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery. This issue affects WP Matterport Shortcode: from n/a through 2.1.9. Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode. This issue affects WP Matterport Shortcode: from n/a through 2.1.8. The WP Matterport Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and in... • https://patchstack.com/database/vulnerability/shortcode-gallery-for-matterport-showcase/wordpress-wp-matterport-shortcode-plugin-2-1-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-31354 – WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31354
07 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. The Slideshow Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.8. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/slideshow-gallery/wordpress-slideshow-gallery-lite-plugin-1-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2024-31355 – WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Auth. SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-31355
07 Apr 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. The Slideshow Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access an... • https://patchstack.com/database/vulnerability/slideshow-gallery/wordpress-slideshow-gallery-lite-plugin-1-7-8-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')