CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2561 – Gallery Metabox <= 1.5 - Missing Authorization via gallery_remove
https://notcve.org/view.php?id=CVE-2023-2561
The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gallery_remove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to modify galleries attached to posts and pages with this plugin. • https://plugins.trac.wordpress.org/browser/gallery-metabox/trunk/gallery-metabox.php?rev=611664#L233 https://www.wordfence.com/threat-intel/vulnerabilities/id/faad339f-96d6-4937-a1f3-9d2d19bc6395?source=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2562 – Gallery Metabox <= 1.5 - Missing Authorization via refresh_metabox
https://notcve.org/view.php?id=CVE-2023-2562
The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refresh_metabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to obtain a list of images attached to a post. • https://plugins.trac.wordpress.org/browser/gallery-metabox/trunk/gallery-metabox.php?rev=611664#L203 https://www.wordfence.com/threat-intel/vulnerabilities/id/951e4651-56d6-474d-84b3-5a7cfc357b9f?source=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33995 – Photo Gallery <= 1.8.15 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-33995
The Photo Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_score function called via an AJAX action in versions up to, and including, 1.8.15. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to check page speed score. • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25473 – WordPress Flickr Justified Gallery Plugin <= 3.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25473
Cross-Site Request Forgery (CSRF) vulnerability in Miro Mannino Flickr Justified Gallery plugin <= 3.5 versions. The Flickr Justified Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5. This is due to missing or incorrect nonce validation on the fjgwpp_settings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/flickr-justified-gallery/wordpress-flickr-justified-gallery-plugin-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33310 – WordPress Unite Gallery Lite plugin <= 1.7.59 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2023-33310
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion.This issue affects Unite Gallery Lite: from n/a through 1.7.59. La limitación incorrecta de un nombre de ruta a una vulnerabilidad de directorio restringido ("Path Traversal") en Valiano Unite Gallery Lite permite la inclusión de archivos locales PHP. Este problema afecta a Unite Gallery Lite: desde n/a hasta 1.7.59. The Unite Gallery Lite plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.7.59 via the 'view' parameter. This allows authenticated attackers with administrator-level privileges to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. • https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-59-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •