CVE-2015-4133 – ReFlex Gallery » WordPress Photo Gallery < 3.1.4 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2015-4133
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory. Vulnerabilidad de la subida de ficheros sin restricciones en admin/scripts/FileUploader/php.php en el plugin ReFlex Gallery anterior a 3.1.4 para WordPress permite a atacantes remotos ejecutar código PHP arbitrario mediante la subida de un fichero con una extensión PHP, posteriormente accediendo a ello a través de una solicitud directa al fichero en el directorio uploads/. • https://www.exploit-db.com/exploits/36809 http://osvdb.org/show/osvdb/88853 http://packetstormsecurity.com/files/130845 http://packetstormsecurity.com/files/131515 http://www.securityfocus.com/bid/57100 https://wordpress.org/plugins/reflex-gallery/changelog https://wpvulndb.com/vulnerabilities/7867 - • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2014-9441 – Lightbox Photo Gallery <= 1.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-9441
Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php. Múltiples vulnerabilidades de CSRF en el plugin Lightbox Photo Gallery 1.0 para WordPress permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que (1) cambian las configuraciones de plugins a través de vectores no especificados o realizan ataques de XSS a través de del parámetro (2) ll__opt[image2_url] o (3) ll__opt[image3_url] en una acción ll_save_settings en wp-admin/admin-ajax.php. • http://packetstormsecurity.com/files/129507 https://exchange.xforce.ibmcloud.com/vulnerabilities/99490 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2014-125096 – Fancy Gallery Plugin Options Page class.options.php cross site scripting
https://notcve.org/view.php?id=CVE-2014-125096
A vulnerability was found in Fancy Gallery Plugin 1.5.12 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file class.options.php of the component Options Page. The manipulation leads to cross site scripting. The attack can be launched remotely. • https://github.com/wp-plugins/fancy-gallery/commit/fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d https://vuldb.com/?ctiid.225349 https://vuldb.com/?id.225349 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-6315 – Photo Gallery by 10Web <= 1.1.30 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-6315
Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php. Múltiples vulnerabilidades de XSS en el plugin Web-Dorado Photo Gallery 1.1.30 y anteriores para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) callback, (2) dir, o (3) extensions en una acción addImages en wp-admin/admin-ajax.php. WordPress Photo Gallery plugin version 1.1.30 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html http://secunia.com/advisories/61649 http://www.securityfocus.com/archive/1/533595/100/0/threaded http://www.securityfocus.com/bid/70204 https://exchange.xforce.ibmcloud.com/vulnerabilities/96799 https://plugins.trac.wordpress.org/changeset?new=986500 https://www.htbridge.com/advisory/HTB23232 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-5201 – Gallery Objects <= 0.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2014-5201
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php. Vulnerabilidad de inyección SQL en el plugin Gallery Objects 0.4 para WordPress permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro viewid en una acción go_view_object en wp-admin/admin-ajax.php. • https://www.exploit-db.com/exploits/34105 http://packetstormsecurity.com/files/127533/WordPress-Gallery-Objects-0.4-SQL-Injection.html http://www.homelab.it/index.php/2014/07/18/wordpress-gallery-objects-0-4-sql-injection/#sthash.ftMVwBVK.dpbs http://www.securityfocus.com/bid/68791 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •