CVE-2013-7482 – ReFlex Gallery < 1.4.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-7482
The reflex-gallery plugin before 1.4.3 for WordPress has XSS via the Edit Content URL field. • https://wordpress.org/plugins/reflex-gallery/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-17869 – mgl-instagram-gallery Plugin (Unknown Versions) - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-17869
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. • https://cxsecurity.com/issue/WLB-2017120183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10940 – ZM Gallery <= 1.0 - Authenticated (Admin+) SQL Injection
https://notcve.org/view.php?id=CVE-2016-10940
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. • http://lenonleite.com.br/en/2016/12/16/zm-gallery-1-plugin-wordpress-blind-injection https://wordpress.org/plugins/zm-gallery/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-1000153 – Tidio Gallery <= 1.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-1000153
Reflected XSS in WordPress plugin tidio-gallery v1.1 via the galleryId parameter. • http://www.securityfocus.com/bid/93543 http://www.vapidlabs.com/wp/wp_advisory.php?v=427 https://wordpress.org/plugins/tidio-gallery • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-7527 – Cool Video Gallery <= 1.9 - Authenticated Command Injection
https://notcve.org/view.php?id=CVE-2015-7527
lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fields in the "Video Gallery Settings" page. WordPress Cool Video Gallery plugin version 1.9 suffers from a remote command injection vulnerability. • http://packetstormsecurity.com/files/134626/WordPress-Cool-Video-Gallery-1.9-Command-Injection.html http://www.openwall.com/lists/oss-security/2015/12/02/9 http://www.securityfocus.com/archive/1/537051/100/0/threaded http://www.vapidlabs.com/advisory.php?v=158 https://wordpress.org/support/topic/command-injection-vulnerability-in-v19 https://wpvulndb.com/vulnerabilities/8348 • CWE-20: Improper Input Validation • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')