
CVSS: 8.1 | EPSS: % | CPEs: 1 | EXPL: 0

The Robo Gallery plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 3.2.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create articles, list posts, activate and deactivate addons and reset gallery view counts. Furthermore, several of these AJAX actions were missing Cross-Site Request Forgery protection.

• CWE-862: Missing Authorization

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filters passed in the ufg_gallery_filters AJAX action before outputting them on the page, allowing a high-privileged user such as an administrator to inject HTML or JavaScript into the plugin settings page, even when the unfiltered_html capability is disabled.

The WordPress Filter Gallery Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ufg_gallery_filters AJAX action in versions up to, and including, 0.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

• https://wpscan.com/vulnerability/8c2adadd-0684-49a8-9185-0c7d9581aef1
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 | EPSS: 0% | CPEs: 2 | EXPL: 2

The Contest Gallery WordPress plugin before 19.1.5.1 and the Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the user_id POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.

The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.5 due to insufficient escaping on the user-supplied user_id parameter and lack of sufficient preparation on the existing SQL query.

• https://bulletin.iese.de/post/contest-gallery_19-1-4-1_1
• https://wpscan.com/vulnerability/254f6e8b-5fa9-4d6d-8e0e-1a4cae18aee0
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.1 | EPSS: 0% | CPEs: 2 | EXPL: 2

The Contest Gallery WordPress plugin before 19.1.5.1 and the Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_Fields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive information from the site's database.

The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user-supplied cg_Fields parameter and lack of sufficient preparation on the existing SQL query.

• https://bulletin.iese.de/post/contest-gallery_19-1-4-1_15
• https://wpscan.com/vulnerability/1b3b51af-ad73-4f8e-ba97-375b8a363b64
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 2

The Contest Gallery WordPress plugin before 19.1.5.1 and the Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.

The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user-supplied cg_copy_start parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• https://bulletin.iese.de/post/contest-gallery_19-1-4-1_16
• https://wpscan.com/vulnerability/a66af8f7-1d5f-4fe5-a2ba-03337064583b
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')