
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.

References:
- https://plugins.trac.wordpress.org/changeset/2706797/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php?old=2587758&old_path=photo-gallery%2Ftrunk%2Ffrontend%2Fmodels%2FBWGModelGalleryBox.php
- https://wpscan.com/vulnerability/2b4866f2-f511-41c6-8135-cf1e0263d8de

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action.

References:
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2706798%40photo-gallery&old=2694928%40photo-gallery&sfp_email=&sfph_mail=
- https://wpscan.com/vulnerability/37a58f4e-d2bc-4825-8e1b-4aaf0a1cf1b6

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 1% | CPEs: 1 | EXPL: 1

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection.

References:
- https://plugins.trac.wordpress.org/changeset/2672822/photo-gallery#file9
- https://wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709c

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to a gallery can upload an SVG file containing JavaScript code, which will be executed when the image is accessed directly (i.e. in the /wp-content/uploads/photo-gallery/ folder), leading to a Cross-Site Scripting (XSS) issue.

References:
- https://wpscan.com/vulnerability/57823dcb-2149-47f7-aae2-d9f04dce851a

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.9 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector.

References:
- https://wpscan.com/vulnerability/1628935f-1d7d-4609-b7a9-e5526499c974

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')