CVSS: 5.4EPSS: %CPEs: 1EXPL: 0CVE-2023-45631 – Responsive Image Gallery, Gallery Album <= 2.0.3 - Missing Authorization via Multiple AJAX Actions
https://notcve.org/view.php?id=CVE-2023-45631
The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to e.g. create galleries, delete galleries, rename albums, delete albums, and more. CVE-2024-37542 may be a duplicate of this. • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-5307 – Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers
https://notcve.org/view.php?id=CVE-2023-5307
The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. El complemento Photos and Files Contest Gallery de WordPress anterior a 21.2.8.1 no sanitiza ni escapa a algunos parámetros, lo que podría permitir a usuarios no autenticados realizar ataques de Cross-Site Scripting a través de ciertos encabezados. The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via headers in all versions up to 21.2.8.1 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://research.cleantalk.org/cve-2023-5307-photos-and-files-contest-gallery-contact-form-21-2-8-1-unauthenticated-stored-xss-via-http-headers https://wpscan.com/vulnerability/6fac1e09-21ab-430d-b56d-195e7238c08c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41866 – Automatic YouTube Gallery <= 2.3.3 - Missing Authorization via AJAX actions
https://notcve.org/view.php?id=CVE-2023-41866
The Automatic YouTube Gallery plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on the ajax_callback_save_api_key and ajax_callback_delete_cache functions in versions up to, and including, 2.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugin API key and delete the plugin cache. • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41876 – WordPress WP Gallery Metabox Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41876
Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Hardik Kalathiya WP Gallery Metabox en versiones <= 1.0.0. The WP Gallery Metabox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the gallery_metabox() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/wp-gallery-metabox/wordpress-wp-gallery-metabox-plugin-1-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40213 – Justified Gallery <= 1.7.3 - Missing Authorization via 'dismiss_how_to_use_notice' and 'dismiss_notice'
https://notcve.org/view.php?id=CVE-2023-40213
The Justified Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dismiss_how_to_use_notice' and 'dismiss_notice' functions in versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss admin notices. • CWE-862: Missing Authorization •