CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35750 – WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-35750
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en wpdevart Responsive Image Gallery, Gallery Album. Este problema afecta a Responsive Image Gallery, Gallery Album: desde n/a hasta 2.0.3. The Gallery – Image and Video Gallery with Thumbnails plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/gallery-album/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35628 – WordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-35628
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25. Vulnerabilidad de autorización faltante en Photo Gallery Team Photo Gallery de 10Web. Este problema afecta a Photo Gallery de 10Web: desde n/a hasta 1.8.24. The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the dismiss_notice function in all versions up to, and including, 1.8.25. This makes it possible for authenticated attackers, with Subscriber-level access and above, to dismiss notices. • https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-23-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34424 – WordPress Featured Content Gallery plugin <= 3.2.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34424
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iePlexus Featured Content Gallery allows Stored XSS.This issue affects Featured Content Gallery: from n/a through 3.2.0. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en iePlexus Featured Content Gallery permite almacenar XSS. Este problema afecta a la Galería de contenido destacado: desde n/a hasta 3.2.0. The Featured Content Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/featured-content-gallery/wordpress-featured-content-gallery-plugin-3-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34382 – WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.18 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-34382
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.This issue affects Robo Gallery: from n/a through 3.2.18. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en RoboSoft Robo Gallery. Este problema afecta a Robo Gallery: desde n/a hasta 3.2.18. The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.18. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/robo-gallery/wordpress-photo-gallery-images-slider-in-rbs-image-gallery-plugin-3-2-18-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34377 – WordPress Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery plugin <= 1.5.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-34377
Missing Authorization vulnerability in A WP Life Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery.This issue affects Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery: from n/a through 1.5.3. Vulnerabilidad de autorización faltante en A WP Life Video Gallery – Api Gallery, YouTube y Vimeo, Link Gallery. Este problema afecta a Video Gallery – Api Gallery, YouTube y Vimeo, Link Gallery: desde n/a hasta 1.5.3. The Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the _ajax_video_gallery function in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to to retrieve video galleries. • https://patchstack.com/database/vulnerability/new-video-gallery/wordpress-video-gallery-api-gallery-youtube-and-vimeo-link-gallery-plugin-1-5-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •