CVE-2024-35721 – WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-35721
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5. Vulnerabilidad de autorización faltante en A WP Life Image Gallery: Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. Este problema afecta a la Galería de imágenes: Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: desde n/a hasta 1.4.5. The Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the _ajax_image_gallery and _ig_save_settings functions in versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify plugin settings. • https://patchstack.com/database/vulnerability/new-image-gallery/wordpress-image-gallery-plugin-1-4-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2022-1327 – Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1327
The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed El plugin Image Gallery - Grid Gallery de WordPress en versiones anteriores a la 1.1.6 no sanea y escapa de algunos de sus campos de imagen, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando unfiltered_html está deshabilitado The Image Gallery - Grid Gallery WordPress plugin through 1.1.1 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed • https://wpscan.com/vulnerability/6b71eb38-0a4a-49d1-96bc-84bbe675be1e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-4987
https://notcve.org/view.php?id=CVE-2016-4987
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. Vulnerabilidad de salto de directorio en el plugin Image Gallery en versiones anteriores a 1.4 en Jenkins permite a atacantes remotos listar directorios arbitrarios y leer archivos arbitrarios a través de campos de formulario no especificados. • https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2016-11018 – Huge-IT gallery-images <= 1.8.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-11018
An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). Se detectó un problema en el plugin Huge-IT gallery-images versiones anteriores a 1.9.0 para WordPress. • http://10degres.net/cve-2016-11018-image-gallery-sql-injection https://plugins.trac.wordpress.org/browser/gallery-images/tags/1.8.9 https://plugins.trac.wordpress.org/browser/gallery-images/tags/1.9.0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-7153 – Image Gallery - Responsive Photo Gallery <= 1.0.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2014-7153
SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php. Vulnerabilidad de inyección SQL en la función editgallery en admin/gallery_func.php en el plugin Huge-IT Image Gallery 1.0.1 para WordPress permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro removeslide en wp-admin/admin.php. SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin <= 1.0.7 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php. • https://www.exploit-db.com/exploits/34524 http://packetstormsecurity.com/files/128118/WordPress-Huge-IT-Image-Gallery-1.0.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •