CVE-2023-5307 – Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers
https://notcve.org/view.php?id=CVE-2023-5307
The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. El complemento Photos and Files Contest Gallery de WordPress anterior a 21.2.8.1 no sanitiza ni escapa a algunos parámetros, lo que podría permitir a usuarios no autenticados realizar ataques de Cross-Site Scripting a través de ciertos encabezados. The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via headers in all versions up to 21.2.8.1 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://research.cleantalk.org/cve-2023-5307-photos-and-files-contest-gallery-contact-form-21-2-8-1-unauthenticated-stored-xss-via-http-headers https://wpscan.com/vulnerability/6fac1e09-21ab-430d-b56d-195e7238c08c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-41866 – Automatic YouTube Gallery <= 2.3.3 - Missing Authorization via AJAX actions
https://notcve.org/view.php?id=CVE-2023-41866
The Automatic YouTube Gallery plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on the ajax_callback_save_api_key and ajax_callback_delete_cache functions in versions up to, and including, 2.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugin API key and delete the plugin cache. • CWE-862: Missing Authorization •
CVE-2023-41876 – WordPress WP Gallery Metabox Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41876
Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Hardik Kalathiya WP Gallery Metabox en versiones <= 1.0.0. The WP Gallery Metabox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the gallery_metabox() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/wp-gallery-metabox/wordpress-wp-gallery-metabox-plugin-1-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-40213 – Justified Gallery <= 1.7.3 - Missing Authorization via 'dismiss_how_to_use_notice' and 'dismiss_notice'
https://notcve.org/view.php?id=CVE-2023-40213
The Justified Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dismiss_how_to_use_notice' and 'dismiss_notice' functions in versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss admin notices. • CWE-862: Missing Authorization •
CVE-2023-37152
https://notcve.org/view.php?id=CVE-2023-37152
Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability. • https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Art%20gallery%20project%201.0.md https://www.chtsecurity.com/news/ad3cee07-3e35-45c0-97f9-811cce13dda9 https://www.chtsecurity.com/news/afe25fb4-55ac-45d9-9ece-cbc1edda2fb2%20 https://www.exploit-db.com/exploits/51524 • CWE-434: Unrestricted Upload of File with Dangerous Type •