Vulmon
gallery vulnerabilities and exploits
8.8
CVSSv3
CVE-2022-45066
Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress.
Thriveweb Wooswipe Woocommerce Gallery
8.8
CVSSv3
CVE-2021-38819
A SQL injection vulnerability exists in the Simple Image Gallery System 1.0 application through the "id" parameter on the album page.
Simple Image Gallery Web App Project Simple Image Gallery Web App -
1 Github repository
8.8
CVSSv3
CVE-2022-36394
Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.
Contest-gallery Contest Gallery
8.8
CVSSv3
CVE-2022-36292
Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.
Wpchill Gallery Photoblocks
8.8
CVSSv3
CVE-2015-1784
In the nextgen-gallery WordPress plugin prior to 2.0.77.3 there are two vulnerabilities which can allow a malicious user to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing...
Imagely Nextgen Gallery
8.8
CVSSv3
CVE-2021-34257
Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.
Wpanel Cms Project Wpanel Cms
8.8
CVSSv3
CVE-2021-24457
The get_portfolios() and get_portfolio_attributes() functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin prior to 1.1.8 did not use whitelist ...
Ays-pro Portfolio Responsive Gallery
8.8
CVSSv3
CVE-2021-24462
The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin prior to 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, ...
Ays-pro Photo Gallery
8.8
CVSSv3
CVE-2020-35942
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin prior to 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including ...
Imagely Nextgen Gallery
8.8
CVSSv3
CVE-2020-28687
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote malicious users to upload arbitrary files.
Artworks Gallery In Php, Css, Javascript, And Mysql Project Artworks Gallery In Php, Css, Javascript, And Mysql 1.0