Filtered by vendor Contest-gallery
Total: 28 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2022-4153 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | 6.5 Medium | The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload[] POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
CVE-2022-4152 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | 6.5 Medium | The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pro WordPress plugin before 19.1.5 do not escape the option_id POST parameter before concatenating it to an SQL query in edit-options.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
CVE-2022-4151 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | 6.5 Medium | The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id GET parameter before concatenating it to an SQL query in export-images-data.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
CVE-2022-4150 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | 6.5 Medium | The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
CVE-2022-45848 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | 6.1 Medium | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress.
CVE-2019-5974 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-21 | N/A | Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2024-10687 | 1 Contest-gallery | 1 Contest Gallery | 2024-11-08 | 9.8 Critical | The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2024-39631 | 2 Contest-gallery, Contest Gallery | 2 Contest Gallery, Contest Gallery | 2024-09-11 | 7.1 High | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS. This issue affects Contest Gallery: from n/a through 23.1.2.