CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31355 – WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Auth. SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-31355
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. The Slideshow Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/slideshow-gallery/wordpress-slideshow-gallery-lite-plugin-1-7-8-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31354 – WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31354
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Tribulant Slideshow Gallery. Este problema afecta a Slideshow Gallery: desde n/a hasta 1.7.8. The Slideshow Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.8. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/slideshow-gallery/wordpress-slideshow-gallery-lite-plugin-1-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31248 – WordPress All-in-One Video Gallery plugin <= 3.5.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31248
Missing Authorization vulnerability in Team Plugins360 All-in-One Video Gallery.This issue affects All-in-One Video Gallery: from n/a through 3.5.2. Vulnerabilidad de falta de autorización en Team Plugins360 All-in-One Video Gallery. Este problema afecta a All-in-One Video Gallery: desde n/a hasta 3.5.2. The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.5.2. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/all-in-one-video-gallery/wordpress-all-in-one-video-gallery-plugin-3-5-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31342 – WordPress Gallery Exporter plugin <= 1.3 - Arbitrary File Download vulnerability
https://notcve.org/view.php?id=CVE-2024-31342
Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter.This issue affects WordPress Gallery Exporter: from n/a through 1.3. The WordPress Gallery Exporter – Export your NextGen, Envira and FooGallery galleries to your computer plugin for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 1.3. This is due to the plugin improperly validating the path to requested file downloads. This makes it possible for authenticated attackers, with administrator-level access and above, to download arbitrary files that may contain sensitive information such as wp-config.php • https://patchstack.com/database/vulnerability/wp-gallery-exporter/wordpress-gallery-exporter-plugin-1-3-arbitrary-file-download-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31120 – WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-31120
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Stored XSS.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Responsive Image Gallery, Gallery Album de wpdevart para WordPress permite XSS almacenado. Este problema afecta a Responsive Image Gallery, Gallery Album: desde n/a hasta 2.0.3. The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/gallery-album/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-cross-site-scripting-xss-vulnerability-2?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •