CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43207 – WordPress Unite Gallery Lite plugin <= 1.7.62 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-43207
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite.This issue affects Unite Gallery Lite: from n/a through 1.7.62. The Unite Gallery Lite plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.7.62 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-62-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34183 – WordPress Unite Gallery Lite Plugin <= 1.7.61 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-34183
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en el plugin Unite Gallery Lite de Valiano que afecta a las versiones 1.7.61 e inferiores. Para explotar esta vulnerabilidad hace falta estar autenticado y tener permisos de administrador o superior. The Unite Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in versions up to, and including, 1.7.61 due to insufficient input sanitization and output escaping. • https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-60-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33310 – WordPress Unite Gallery Lite plugin <= 1.7.59 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2023-33310
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion.This issue affects Unite Gallery Lite: from n/a through 1.7.59. La limitación incorrecta de un nombre de ruta a una vulnerabilidad de directorio restringido ("Path Traversal") en Valiano Unite Gallery Lite permite la inclusión de archivos locales PHP. Este problema afecta a Unite Gallery Lite: desde n/a hasta 1.7.59. The Unite Gallery Lite plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.7.59 via the 'view' parameter. This allows authenticated attackers with administrator-level privileges to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. • https://patchstack.com/database/vulnerability/unite-gallery-lite/wordpress-unite-gallery-lite-plugin-1-7-59-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-9445 – Unite Gallery Lite <= 1.4.6 - Cross-Site Request Forgery & Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2015-9445
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. El plugin unite-gallery-lite anteriores a 1.5 para WordPress, presenta una vulnerabilidad de tipo CSRF y una inyección SQL por medio del archivo wp-admin/admin-ajax.php en una operación unitegallery_ajax_action. • http://packetstormsecurity.com/files/132842 https://wordpress.org/plugins/unite-gallery-lite/#developers https://wpvulndb.com/vulnerabilities/8113 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-9446 – Unite Gallery Lite < 1.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-9446
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. El plugin unite-gallery-lite versiones anteriores a 1.5 para WordPress, presenta una inyección SQL por medio del parámetro data[galleryID] en el archivo wp-admin/admin-ajax.php. • http://packetstormsecurity.com/files/132842 https://wordpress.org/plugins/unite-gallery-lite/#developers https://wpvulndb.com/vulnerabilities/8113 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •