CVE-2022-4142 – WordPress Filter Gallery Plugin < 0.1.6 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-4142
The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filters passed in the ufg_gallery_filters AJAX action before outputting them on the page, allowing a high-privileged user such as an administrator to inject HTML or JavaScript into the plugin settings page, even when the unfiltered_html capability is disabled.
The WordPress Filter Gallery Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ufg_gallery_filters AJAX action in versions up to, and including, 0.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
• https://wpscan.com/vulnerability/8c2adadd-0684-49a8-9185-0c7d9581aef1
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-4152 – Contest Gallery < 19.1.5 - Author+ SQL Injection
https://notcve.org/view.php?id=CVE-2022-4152
The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pro WordPress plugin before 19.1.5 do not escape the option_id POST parameter before concatenating it to an SQL query in edit-options.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied option_id GET parameter and lack of sufficient preparation on the existing SQL query.
• https://bulletin.iese.de/post/contest-gallery_19-1-4-1_4
• https://wpscan.com/vulnerability/4b058966-0859-42ed-a796-b6c6cb08a9fc
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-4158 – Contest Gallery < 19.1.5 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2022-4158
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_Fields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. This may allow malicious visitors to leak sensitive information from the site's database.
The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied cg_Fields parameter and lack of sufficient preparation on the existing SQL query.
• https://bulletin.iese.de/post/contest-gallery_19-1-4-1_15
• https://wpscan.com/vulnerability/1b3b51af-ad73-4f8e-ba97-375b8a363b64
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-4161 – Contest Gallery < 19.1.5 - Author+ SQL Injection
https://notcve.org/view.php?id=CVE-2022-4161
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
The Contest Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied cg_copy_start parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with author-level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
• https://bulletin.iese.de/post/contest-gallery_19-1-4-1_16
• https://wpscan.com/vulnerability/a66af8f7-1d5f-4fe5-a2ba-03337064583b
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-4154 – Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection
https://notcve.org/view.php?id=CVE-2022-4154
The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database.
The Contest Gallery Pro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.1.4.1 due to insufficient escaping on the user supplied wp_user_id parameter and lack of sufficient preparation on the existing SQL query.
• https://bulletin.iese.de/post/contest-gallery_19-1-4-1_5
• https://wpscan.com/vulnerability/dac32ed4-d3df-420a-a2eb-9e7d2435826a
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')