
CVE-2024-24887 – WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-24887
05 Feb 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress. This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4. ... • https://patchstack.com/database/vulnerability/contest-gallery/wordpress-photos-and-files-contest-gallery-plugin-21-2-8-4-csrf-leading-to-gallery-creation-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-23518 – WordPress ACF Photo Gallery Field plugin <= 2.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-23518
30 Jan 2024 — Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field. This issue affects ACF Photo Gallery Field: from n/a through 2.6. The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the apgf_update_donation function in versions up to and including 2.6. This m... • https://patchstack.com/database/vulnerability/navz-photo-gallery/wordpress-acf-photo-gallery-field-plugin-2-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2024-23515 – WordPress Cincopa video and media plugin <= 1.159 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-23515
30 Jan 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players. This issue affects Post Video Players: from n/a through 1.159. The Cincopa video and media plug-in plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.159. This is due to missing or incorrect nonce validation ... • https://patchstack.com/database/vulnerability/video-playlist-and-gallery-plugin/wordpress-cincopa-video-and-media-plugin-1-158-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-45631 – WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-45631
11 Oct 2023 — Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 2.0.3. This makes it possible for authent... • https://patchstack.com/database/wordpress/plugin/gallery-album/vulnerability/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-5307 – Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers
https://notcve.org/view.php?id=CVE-2023-5307
10 Oct 2023 — The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. The Photos and Files Contest Gallery – Contact... • https://research.cleantalk.org/cve-2023-5307-photos-and-files-contest-gallery-contact-form-21-2-8-1-unauthenticated-stored-xss-via-http-headers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-41866 – WordPress Automatic YouTube Gallery plugin <= 2.3.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-41866
05 Sep 2023 — Missing Authorization vulnerability in Team Plugins360 Automatic YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic YouTube Gallery: from n/a through 2.3.3. The Automatic YouTube Gallery plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on the ajax_callback_save_api_key and ajax_callback_delete_cache functions in versions up to, and including, 2.3.3. This makes it possible for authenti... • https://patchstack.com/database/wordpress/plugin/automatic-youtube-gallery/vulnerability/wordpress-automatic-youtube-gallery-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-41876 – WordPress WP Gallery Metabox Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41876
05 Sep 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions. The WP Gallery Metabox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the gallery_metabox() function. This makes it possible for unauthenticated attacke... • https://patchstack.com/database/vulnerability/wp-gallery-metabox/wordpress-wp-gallery-metabox-plugin-1-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-40213 – WordPress Justified Gallery plugin <= 1.7.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-40213
10 Aug 2023 — Missing Authorization vulnerability in Mateusz Czardybon Justified Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Justified Gallery: from n/a through 1.7.3. The Justified Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dismiss_how_to_use_notice' and 'dismiss_notice' functions in versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-... • https://patchstack.com/database/wordpress/plugin/justified-gallery/vulnerability/wordpress-justified-gallery-plugin-1-7-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2023-37152
https://notcve.org/view.php?id=CVE-2023-37152
10 Jul 2023 — Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability. • https://github.com/Trinity-SYT-SECURITY/arbitrary-file-upload-RCE/blob/main/Online%20Art%20gallery%20project%201.0.md • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2023-2561 – Gallery Metabox <= 1.5 - Missing Authorization via gallery_remove
https://notcve.org/view.php?id=CVE-2023-2561
22 Jun 2023 — The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gallery_remove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to modify galleries attached to posts and pages with this plugin. • https://plugins.trac.wordpress.org/browser/gallery-metabox/trunk/gallery-metabox.php?rev=611664#L233 • CWE-862: Missing Authorization •