CVE-2015-2324
- EPSS 0.89%
- Veröffentlicht 19.02.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 02:27:13
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-9312
- EPSS 45.35%
- Veröffentlicht 28.08.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
CVE-2017-12977
- EPSS 1.59%
- Veröffentlicht 21.08.2017 01:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is e...
CVE-2015-1393
- EPSS 1.66%
- Veröffentlicht 02.02.2015 15:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/ad...
CVE-2015-1055
- EPSS 2.13%
- Veröffentlicht 16.01.2015 15:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php.