CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49280 – WordPress Lightbox slider -- Responsive Lightbox Gallery plugin <= 1.10.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49280
15 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Weblizar Lightbox slider – Responsive Lightbox Gallery allows Stored XSS.This issue affects Lightbox slider – Responsive Lightbox Gallery: from n/a through 1.10.0. The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10.2 due to insufficient input sanitization and output escaping. This makes it possible... • https://patchstack.com/database/vulnerability/simple-lightbox-gallery/wordpress-lightbox-slider-responsive-lightbox-gallery-plugin-1-10-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49258 – WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Download vulnerability
https://notcve.org/view.php?id=CVE-2024-49258
14 Oct 2024 — Path Traversal: '.../...//' vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. Vulnerabilidad Path Traversal: '.../...//' en el complemento Limb WordPress Gallery Plugin – Limb Image Gallery. Este problema afecta al complemento WordPress Gallery Plugin – Limb Image Gallery: desde n/a hasta 1.5.7. The Limb Gallery | Create Beautiful Image & Video Galleries plugin for WordPress is vulnerable to Directory... • https://patchstack.com/database/vulnerability/limb-gallery/wordpress-limb-gallery-plugin-1-5-7-arbitrary-file-download-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49260 – WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49260
14 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en el complemento Limb WordPress Gallery: Limb Image Gallery permite la inyección de código. Este problema afecta al complemento Limb WordPress Gallery: desde n/a hasta 1.5.7. The Limb Gallery | Create Beautiful... • https://patchstack.com/database/vulnerability/limb-gallery/wordpress-limb-gallery-plugin-1-5-7-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8032 – Smooth Gallery Replacement <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8032
07 Oct 2024 — The Smooth Gallery Replacement plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8670 – Photo Gallery by 10Web <= 1.8.28 - Authenticated (Administrator+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8670
03 Oct 2024 — The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations ... • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47623 – WordPress Gallery Lightbox plugin <= 1.0.0.39 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47623
30 Sep 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Gallery Lightbox allows Stored XSS.This issue affects Gallery Lightbox: from n/a through 1.0.0.39. The Gallery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject a... • https://patchstack.com/database/vulnerability/gallery-lightbox-slider/wordpress-gallery-lightbox-plugin-1-0-0-39-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47376 – WordPress Slideshow Gallery LITE plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47376
30 Sep 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Slideshow Gallery allows Stored XSS.This issue affects Slideshow Gallery: from n/a through 1.8.3. The Slideshow Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject ar... • https://patchstack.com/database/vulnerability/slideshow-gallery/wordpress-slideshow-gallery-lite-plugin-1-8-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44043 – WordPress Photo Gallery by 10Web plugin <= 1.8.27 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-44043
23 Sep 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.27. The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above,... • https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-mobile-friendly-image-gallery-plugin-1-8-27-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43925 – WordPress Envira Gallery Lite plugin <= 1.8.14 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43925
26 Aug 2024 — Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.14. The Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the envira_gallery_ajax_load_gallery_data() function in versions up to, and including, 1.8.14. This makes it possible for authenticated attackers, with contribu... • https://patchstack.com/database/vulnerability/envira-gallery-lite/wordpress-envira-gallery-lite-plugin-1-8-14-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43283 – WordPress Contest Gallery plugin <= 23.1.2 - Unauthenticated Comment UserID And IP address Disclosure vulnerability
https://notcve.org/view.php?id=CVE-2024-43283
16 Aug 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 23.1.2. The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 23.1.2. This makes it possible for unauthenticated attackers to extract data like comment user IDs and IP Addresses. • https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-23-1-2-unauthenticated-comment-userid-and-ip-address-disclosure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •