CVE-2024-43207 – WordPress Unite Gallery Lite plugin <= 1.7.62 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-43207
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite. This issue affects Unite Gallery Lite: from n/a through 1.7.62. The Unite Gallery Lite plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7.62 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
• https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-62-sql-injection-vulnerability?_s_id=cve
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-33310 – WordPress Unite Gallery Lite plugin <= 1.7.59 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2023-33310
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion. This issue affects Unite Gallery Lite: from n/a through 1.7.59. The Unite Gallery Lite plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.7.59 via the 'view' parameter. This allows authenticated attackers with administrator-level privileges to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files.
• https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-59-local-file-inclusion-vulnerability?_s_id=cve
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')