CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 4CVE-2015-5599 – Powerplay Gallery <= 3.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-5599
27 Jun 2015 — Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter. Vulnerabilidad de inyección SQL múltiple en upload.php en el plugin Powerplay Gallery 3.3 para WordPress, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de un parámetro (1) albumid o (2) nombre. • http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-3922 – Coppermine Gallery 1.5.34 XSS / Open Redirection
https://notcve.org/view.php?id=CVE-2015-3922
21 May 2015 — Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter. Vulnerabilidad de la redirección abierta en mode.php en Coppermine Photo Gallery anterior a 1.5.36 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL en el parámetro referer. Coppermine Gallery version 1.5.34 suffers from cr... • https://packetstorm.news/files/id/132004 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2015-3921 – Coppermine Gallery 1.5.34 XSS / Open Redirection
https://notcve.org/view.php?id=CVE-2015-3921
21 May 2015 — Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter. Vulnerabilidad de XSS en contact.php en Coppermine Photo Gallery anterior a 1.5.36 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través del parámetro referer. Coppermine Gallery version 1.5.34 suffers from cross site scripting, open redirection, and directory enu... • https://packetstorm.news/files/id/132004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2015-3923 – Coppermine Gallery 1.5.34 XSS / Open Redirection
https://notcve.org/view.php?id=CVE-2015-3923
21 May 2015 — Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php. Coppermine Photo Gallery anterior a 1.5.36 permite a atacantes remotos enumerar directorios a través de una ruta completa en el parámetro folder en minibrowser.php. Coppermine Gallery version 1.5.34 suffers from cross site scripting, open redirection, and directory enumeration vulnerabilities. • https://packetstorm.news/files/id/132004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 75%CPEs: 1EXPL: 4CVE-2015-4133 – ReFlex Gallery » WordPress Photo Gallery < 3.1.4 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2015-4133
16 Mar 2015 — Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory. Vulnerabilidad de la subida de ficheros sin restricciones en admin/scripts/FileUploader/php.php en el plugin ReFlex Gallery anterior a 3.1.4 para WordPress permite a atacantes remotos ejecutar código PHP arbit... • https://www.exploit-db.com/exploits/36809 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2014-9441 – Lightbox Photo Gallery <= 1.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-9441
12 Dec 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php. Múltiples vulnerabilidades de CSRF en el plugin Lightbox Photo Gallery 1.0 para WordPre... • http://packetstormsecurity.com/files/129507 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125096 – Fancy Gallery Plugin Options Page class.options.php cross site scripting
https://notcve.org/view.php?id=CVE-2014-125096
20 Nov 2014 — A vulnerability was found in Fancy Gallery Plugin 1.5.12 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file class.options.php of the component Options Page. The manipulation leads to cross site scripting. The attack can be launched remotely. • https://github.com/wp-plugins/fancy-gallery/commit/fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2014-6315 – Photo Gallery by 10Web <= 1.1.30 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-6315
01 Oct 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php. Múltiples vulnerabilidades de XSS en el plugin Web-Dorado Photo Gallery 1.1.30 y anteriores para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1... • https://packetstorm.news/files/id/128518 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 4CVE-2014-5201 – Gallery Objects <= 0.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2014-5201
12 Aug 2014 — SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php. Vulnerabilidad de inyección SQL en el plugin Gallery Objects 0.4 para WordPress permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro viewid en una acción go_view_object en wp-admin/admin-ajax.php. • https://www.exploit-db.com/exploits/34105 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2014-5186 – All Video Gallery Plugin for WordPress <= 1.2 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2014-5186
28 May 2014 — SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php. Vulnerabilidad de inyección SQL en el plugin All Video Gallery (all-video-gallery) 1.2 para WordPress permite a administradores remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro id en una acción edit en la página... • http://codevigilant.com/disclosure/wp-plugin-all-video-gallery-a1-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •