CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33586 – WordPress Photo Gallery by 10Web plugin <= 1.8.20 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33586
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20. Vulnerabilidad de autorización faltante en Photo Gallery Team Photo Gallery de 10Web. Este problema afecta a Photo Gallery de 10Web: desde n/a hasta 1.8.20. The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.20. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-20-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29919 – WordPress Photo Gallery by Ays Plugin <=5.5.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29919
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Reflected XSS.This issue affects Photo Gallery by Ays: from n/a through 5.5.2. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Photo Gallery Team Photo Gallery by Ays permite XSS reflejado. Este problema afecta a Photo Gallery by Ays: desde n/a hasta 5.5.2. The Photo Gallery by Ays plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/gallery-photo-gallery/wordpress-photo-gallery-by-ays-plugin-5-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23518 – WordPress ACF Photo Gallery Field plugin <= 2.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-23518
Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6. Vulnerabilidad de autorización faltante en Navneil Naicker ACF Photo Gallery Field. Este problema afecta a ACF Photo Gallery Field: desde n/a hasta 2.6. The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the apgf_update_donation function in versions up to and including 2.6. This makes it possible for authenticated attackers, with subscriber access and above, to update a plugin option. • https://patchstack.com/database/vulnerability/navz-photo-gallery/wordpress-acf-photo-gallery-field-plugin-2-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33995 – Photo Gallery <= 1.8.15 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-33995
The Photo Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_score function called via an AJAX action in versions up to, and including, 1.8.15. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to check page speed score. • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2776 – code-projects Simple Photo Gallery unrestricted upload
https://notcve.org/view.php?id=CVE-2023-2776
A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. The attack can be initiated remotely. • https://gitee.com/zyz0103/system-vul/blob/master/Simple%20Photo%20Gallery%20In%20PHP%20With%20Source%20Code%20has%20file%20upload%20vulnerability.pdf https://vuldb.com/?ctiid.229282 https://vuldb.com/?id.229282 • CWE-434: Unrestricted Upload of File with Dangerous Type •