CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11002 – InPost Gallery <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template
https://notcve.org/view.php?id=CVE-2024-11002
25 Nov 2024 — The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. El complemento The InPost Gallery para WordPress es vulner... • https://plugins.trac.wordpress.org/browser/inpost-gallery/trunk/index.php#L323 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-28666 – InPost Gallery <= 2.1.4.1 - Reflected Cross-Site Scripting via 'imgurl'
https://notcve.org/view.php?id=CVE-2023-28666
20 Mar 2023 — The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user. The InPost Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘imgurl’ parameter of the add_inpost_gallery_slide_item action in versions up to, and including, 2.1.4.1 due to insufficient input sanitization and output escaping. This m... • https://www.tenable.com/security/research/tra-2023-3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 88%CPEs: 1EXPL: 2CVE-2022-4063 – InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
https://notcve.org/view.php?id=CVE-2022-4063
28 Nov 2022 — The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. El complemento de WordPress InPost Gallery anterior a 2.1.4.1 utiliza de forma insegura la función extract() de PHP al representar vistas HTML, lo que permite a los atacantes forzar la inclusión de archivos y archivos maliciosos. URL, que pueden permitirles ejecutar código en s... • https://github.com/im-hanzou/INPGer • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •