cleantalk
Vulnerabilities and Security Research

Vulnerabilities and security research for portfolio-responsive-gallery

Jun 06, 2024

Portfolio Responsive Gallery # CVE-2021-24457

CVE, Research URL

CVE-2021-24457

Date
Aug 02, 2021
Research Description
The get_portfolios() and get_portfolio_attributes() functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.
Affected versions
max 1.1.8.
Status
vulnerable
Jun 16, 2026

Portfolio Responsive Gallery # bd2e0643-c83b-4ca6-9332-66e4c49252ba

Date
-
Research Description
Portfolio Responsive Gallery [portfolio-responsive-gallery] < 1.1.8: Multiple Plugins from AYS Pro - Reflected Cross-Site Scripting (XSS)
The plugins did not properly sanitise and escape some GET parameters before outputting them back in attributes, leading to reflected Cross-Site Scripting issues which will be executed in the context of a logged-in administrator.
Affected versions
max 1.1.8.
Status
vulnerable

Portfolio Responsive Gallery # 16f0b7a49c93613f83413fb79c8afc52367cf91b

Date
Jun 29, 2021
Research Description
Portfolio Responsive Gallery [portfolio-responsive-gallery] < 1.1.8: Portfolio Responsive Gallery <= 1.1.7 - Cross-Site Scripting
The Portfolio Responsive Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.1.8.
Status
vulnerable