Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gallery project vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-4651
The Justified Gallery WordPress plugin prior to 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Justified Gallery Project Justified Gallery
7.2
CVSSv3
CVE-2016-10940
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.
Zm-gallery Project Zm-gallery 1.0
7.5
CVSSv3
CVE-2015-5682
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote malicious users to create arbitrary directories via vectors related to the targetDir variable.
Powerplay Gallery Project Powerplay Gallery 3.3
NA
CVE-2014-5201
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote malicious users to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php.
Gallery Objects Project Gallery Objects 0.4
1 EDB exploit
NA
CVE-2015-5599
Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) albumid or (2) name parameter.
Powerplay Gallery Project Powerplay Gallery 3.3
5.4
CVSSv3
CVE-2023-0060
The Responsive Gallery Grid WordPress plugin prior to 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-S...
Responsive Gallery Grid Project Responsive Gallery Grid
8.8
CVSSv3
CVE-2023-41876
Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions.
Wp Gallery Metabox Project Wp Gallery Metabox
5.4
CVSSv3
CVE-2022-4783
The Youtube Channel Gallery WordPress plugin up to and including 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Store...
Youtube Channel Gallery Project Youtube Channel Gallery
6.1
CVSSv3
CVE-2015-9327
The flickr-justified-gallery plugin prior to 3.4.0 for WordPress has XSS.
Flickr Justified Gallery Project Flickr Justified Gallery
4.8
CVSSv3
CVE-2022-4142
The WordPress Filter Gallery Plugin WordPress plugin prior to 0.1.6 does not properly escape the filters passed in the ufg_gallery_filters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the ...
Wordpress Filter Gallery Project Wordpress Filter Gallery
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »