Medel 2019-08-09

CVE-2019-14798: The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.

Påverkade versioner: < 1.5.25

The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.

Låg 2019-08-09

CVE-2019-14797: The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.

Påverkade versioner: < 1.5.23

The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.

Kritisk 2019-07-30

CVE-2019-14313: A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary ...

Påverkade versioner: < 1.5.31

A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL...

Medel 2019-04-15

CVE-2018-18019: XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter.

Påverkade versioner: all

XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter.

Hög 2019-04-15

CVE-2018-18018: SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

Påverkade versioner: all

SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

Medel 2019-04-15

CVE-2018-18017: XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

Påverkade versioner: all

XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

Medel 2019-04-09

CVE-2019-6117: The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function.

Påverkade versioner: all

The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function.

Medel 2018-10-03

CVE-2018-17946: The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter.

Påverkade versioner: < 1.6.6.1

The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter.

Medel 2018-07-13

CVE-2016-6565: The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user...

Påverkade versioner: < 2.1.57

The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to...

Medel 2018-03-01

CVE-2018-7586: In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.

Påverkade versioner: <= 2.2.46

In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.

Låg 2018-02-19

CVE-2015-2324: Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web sc...

Påverkade versioner: < 1.2.13

Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web scrip...

Hög 2017-09-25

CVE-2017-14125: SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme t...

Påverkade versioner: <= 1.2.0

SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task...

Medel 2017-09-12

CVE-2015-9229: In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.

Påverkade versioner: all

In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.

Kritisk 2017-09-12

CVE-2015-9228: In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.

Påverkade versioner: all

In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.

Medel 2017-05-23

CVE-2015-5682: upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.

Påverkade versioner: all

upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.

Hög 2015-12-17

CVE-2015-7527: lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input f...

Påverkade versioner: all

lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input fiel...

Hög 2015-08-18

CVE-2015-5681: Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable exten...

Påverkade versioner: all

Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extensio...

Hög 2015-08-18

CVE-2015-5599: Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name param...

Påverkade versioner: all

Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name paramete...

Hög 2015-05-28

CVE-2015-4133: Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploadi...

Påverkade versioner: <= 3.1.3

Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading...

Medel 2015-02-02

CVE-2015-1393: SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gal...

Påverkade versioner: <= 1.2.9

SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create galler...

Hög 2015-01-16

CVE-2015-1055: SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/a...

Påverkade versioner: all

SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admi...

Medel 2015-01-02

CVE-2014-9441: Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests ...

Påverkade versioner: all

Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests tha...

Medel 2014-11-26

CVE-2014-9094: Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web...

Påverkade versioner: all

Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web sc...

Medel 2014-10-10

CVE-2014-6315: Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1)...

Påverkade versioner: all

Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ca...

Medel 2014-09-22

CVE-2014-7153: SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL ...

Påverkade versioner: all

SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL com...

Medel 2014-09-11

CVE-2014-5460: Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then...

Påverkade versioner: <= 1.4.6

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then ac...

Medel 2014-08-06

CVE-2014-5186: SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter i...

Påverkade versioner: all

SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a...

Hög 2014-08-06

CVE-2012-6653: Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors.

Påverkade versioner: <= 1.1.0

Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors.

Medel 2014-07-02

CVE-2014-4529: Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the pa...

Påverkade versioner: <= 0.7

Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path...

Medel 2014-05-30

CVE-2014-3923: Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLin...

Påverkade versioner: all

Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink p...

Låg 2014-05-08

CVE-2014-3123: Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, ...

Påverkade versioner: <= 1.9.17

Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, Nex...

Medel 2014-05-06

CVE-2014-2558: The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fie...

Påverkade versioner: <= 1.7.9

The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields...

Låg 2014-04-11

CVE-2014-2333: Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of the...

Påverkade versioner: <= 1.1.20

Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these...

Medel 2013-07-16

CVE-2013-4117: Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via ...

Påverkade versioner: all

Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the...

Kritisk 2012-06-16

CVE-2012-3575: Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension...

Påverkade versioner: all

Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, t...

Medel 2011-10-07

CVE-2010-4875: Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web scr...

Påverkade versioner: all

Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script...

Medel 2010-04-07

CVE-2010-1186: Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode pa...

Påverkade versioner: <= 1.5.1

Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode param...

Medel 2008-12-30

CVE-2008-5752: Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrar...

Påverkade versioner: <= 0.2.2

Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary f...

Gallery plugin

Kända sårbarheter

CVE-2019-14798: The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.

CVE-2019-14797: The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.

CVE-2019-14313: A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary ...

CVE-2018-18019: XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter.

CVE-2018-18018: SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

CVE-2018-18017: XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

CVE-2019-6117: The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function.

CVE-2018-17946: The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter.

CVE-2016-6565: The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user...

CVE-2018-7586: In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.

CVE-2015-2324: Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web sc...

CVE-2017-14125: SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme t...

CVE-2015-9229: In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.

CVE-2015-9228: In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.

CVE-2015-5682: upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.

CVE-2015-7527: lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute arbitrary code via shell metacharacters in the "Width of preview image" and possibly other input f...

CVE-2015-5681: Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable exten...

CVE-2015-5599: Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name param...

CVE-2015-4133: Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploadi...

CVE-2015-1393: SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gal...

CVE-2015-1055: SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/a...

CVE-2014-9441: Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests ...

CVE-2014-9094: Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web...

CVE-2014-6315: Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1)...

CVE-2014-7153: SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL ...

CVE-2014-5460: Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then...

CVE-2014-5186: SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter i...

CVE-2012-6653: Unspecified vulnerability in the All Video Gallery (all-video-gallery) plugin before 1.2.0 for WordPress has unspecified impact and attack vectors.

CVE-2014-4529: Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the pa...

CVE-2014-3923: Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLin...

CVE-2014-3123: Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, ...

CVE-2014-2558: The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fie...

CVE-2014-2333: Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of the...

CVE-2013-4117: Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via ...

CVE-2012-3575: Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension...

CVE-2010-4875: Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web scr...

CVE-2010-1186: Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode pa...

CVE-2008-5752: Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrar...

Vår rekommendation

Andra tillägg med kända sårbarheter