CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35721 – WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-35721
06 Jun 2024 — Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5. Vulnerabilidad de autorización faltante en A WP Life Image Gallery: Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. Este problema afecta a la Galería de imágenes: Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: desde n/a hasta 1.4.5. The Ima... • https://patchstack.com/database/vulnerability/new-image-gallery/wordpress-image-gallery-plugin-1-4-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1327 – Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1327
03 Jun 2022 — The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed El plugin Image Gallery - Grid Gallery de WordPress en versiones anteriores a la 1.1.6 no sanea y escapa de algunos de sus campos de imagen, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-Site Scripting inc... • https://wpscan.com/vulnerability/6b71eb38-0a4a-49d1-96bc-84bbe675be1e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4987
https://notcve.org/view.php?id=CVE-2016-4987
09 Feb 2017 — Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. Vulnerabilidad de salto de directorio en el plugin Image Gallery en versiones anteriores a 1.4 en Jenkins permite a atacantes remotos listar directorios arbitrarios y leer archivos arbitrarios a través de campos de formulario no especificados. • https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2016-11018 – Huge-IT gallery-images <= 1.8.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-11018
10 May 2016 — An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). Se detectó un problema en el plugin Huge-IT gallery-images versiones anteriores a 1.9.0 para WordPress. • http://10degres.net/cve-2016-11018-image-gallery-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6466 – e107 Plugin Image Gallery 0.9.6.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-6466
13 Mar 2009 — SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action. Una vulnerabilidad de inyección SQL en el archivo image_gallery.php en el plugin Image Gallery (image_gallery) de Akira Powered versión 0.9.6.2 para e107, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro image en una acción image-detail . • https://www.exploit-db.com/exploits/6516 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •