CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5974 – Contest Gallery – Photo Contest Plugin for WordPress <= 10.4.4 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-5974
Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Contest Gallery versiones anteriores a 10.4.5, permite a los atacantes remotos secuestrar la autenticación de administradores por medio de vectores no especificados. • https://jvn.jp/en/jp/JVN80925867/index.html https://wordpress.org/plugins/contest-gallery https://wpvulndb.com/vulnerabilities/9436 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14478 – Coppermine 1.5.46 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-14478
ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter. ecard.php en Coppermine Photo Gallery (CPG) 1.5.46 tiene XSS a través del parámetro sender_name, recipient_email, greetings, o recipient_name. Coppermine version 1.5.46 suffers from multiple cross site scripting vulnerabilities. • http://forum.coppermine-gallery.net/index.php/board%2C58.0.html http://packetstormsecurity.com/files/151306/Coppermine-1.5.46-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4612
https://notcve.org/view.php?id=CVE-2014-4612
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en el gestor de palabras clave en Coppermine Photo Gallery en versiones anteriores a la 1.5.27 y en versiones 1.6.x anteriores a la 1.6.01 permite que los atacantes remotos inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://forum.coppermine-gallery.net/index.php/topic%2C77376.0.html http://seclists.org/oss-sec/2014/q2/608 http://seclists.org/oss-sec/2014/q2/620 http://sourceforge.net/p/coppermine/code/8674 http://www.securityfocus.com/bid/68140 https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.5.x/CHANGELOG.txt https://sourceforge.net/p/coppermine/code/8674/tree//trunk/cpg1.6.x/CHANGELOG.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-17869 – mgl-instagram-gallery Plugin (Unknown Versions) - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-17869
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. El plugin mgl-instagram-gallery para WordPress contiene XSS mediante el parámetro multimedia single-gallery.php. • https://cxsecurity.com/issue/WLB-2017120183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10940 – ZM Gallery <= 1.0 - Authenticated (Admin+) SQL Injection
https://notcve.org/view.php?id=CVE-2016-10940
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. El plugin zm-gallery versión 1.0 para WordPress, presenta una inyección SQL por medio del parámetro order. • http://lenonleite.com.br/en/2016/12/16/zm-gallery-1-plugin-wordpress-blind-injection https://wordpress.org/plugins/zm-gallery/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •