Vulmon
gallery vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-0938
A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate th...
Music Gallery Site Project Music Gallery Site 1.0
9.8
CVSSv3
CVE-2023-23162
Art Gallery Management System Project v1.0 contains a SQL injection vulnerability via the cid parameter at product.php.
Phpgurukul Art Gallery Management System 1.0
9.8
CVSSv3
CVE-2023-23163
Art Gallery Management System Project v1.0 contains a SQL injection vulnerability via the editid parameter.
Phpgurukul Art Gallery Management System 1.0
9.8
CVSSv3
CVE-2022-4060
The User Post Gallery WordPress plugin up to and including 2.19 does not limit which callback functions users can call, making it possible for any visitor to run code on sites running it.
Odude User Post Gallery
3 Github repositories
9.8
CVSSv3
CVE-2022-4063
The InPost Gallery WordPress plugin prior to 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing malicious users to force the inclusion of malicious files & URLs, which may enable them to run code on servers.
Pluginus Inpost Gallery
1 Github repository
9.8
CVSSv3
CVE-2022-35726
Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress.
Yotuwp Video Gallery
9.8
CVSSv3
CVE-2022-0826
The WP Video Gallery WordPress plugin up to and including 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users.
Wp-video-gallery-free Project Wp-video-gallery-free
9.8
CVSSv3
CVE-2022-1281
The Photo Gallery WordPress plugin up to and including 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
10web Photo Gallery
9.8
CVSSv3
CVE-2022-0169
The Photo Gallery by 10Web WordPress plugin prior to 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthe...
10web Photo Gallery
9.8
CVSSv3
CVE-2021-24867
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were upd...
Accesspressthemes Accessbuddy 1.0.0
Accesspressthemes Accesspress Anonymous Post 2.8.0
Accesspressthemes Accesspress Basic 3.2.1
Accesspressthemes Accesspress Custom Css 2.0.1
Accesspressthemes Accesspress Custom Post Type 1.0.8
Accesspressthemes Accesspress Ifeeds 4.0.3
Accesspressthemes Accesspress Lite 2.92
Accesspressthemes Accesspress Mag 2.6.5
Accesspressthemes Accesspress Parallax 4.5
Accesspressthemes Accesspress Ray 1.19.5
Accesspressthemes Accesspress Root 2.5
Accesspressthemes Accesspress Social Counter 1.9.1
Accesspressthemes Accesspress Social Icons 1.8.2
Accesspressthemes Accesspress Social Login Lite 3.4.7
Accesspressthemes Accesspress Social Share 4.5.5
Accesspressthemes Accesspress Staple 1.9.1
Accesspressthemes Accesspress Store 2.4.9
Accesspressthemes Agency Lite 1.1.6
Accesspressthemes Ap Companion
Accesspressthemes Ap Contact Form 1.0.6
Accesspressthemes Ap Custom Testimonial 1.4.6
Accesspressthemes Ap Mega Menu 3.0.5