Vulnerabilities and security researches forunite-gallery-lite unite-gallery-lite

Jun 07, 2024

CVE, Research URL: CVE-2023-34183
Home page URL: Security reports for Unite Gallery Lite
Application: Unite Gallery Lite
Date: Aug 30, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-33310
Home page URL: Security reports for Unite Gallery Lite
Application: Unite Gallery Lite
Date: May 17, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion.This issue affects Unite Gallery Lite: from n/a through 1.7.59.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2015-9446
Home page URL: Security reports for Unite Gallery Lite
Application: Unite Gallery Lite
Date: Sep 26, 2019
Research Description: The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2015-9445
Home page URL: Security reports for Unite Gallery Lite
Application: Unite Gallery Lite
Date: Sep 26, 2019
Research Description: The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2015-9447
Home page URL: Security reports for Unite Gallery Lite
Application: Unite Gallery Lite
Date: Sep 26, 2019
Research Description: The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters.
Affected versions: Min -, max -.
Status: vulnerable

Aug 13, 2024

CVE, Research URL: CVE-2024-43207
Home page URL: Security reports for Unite Gallery Lite
Application: Unite Gallery Lite
Date: Aug 19, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Valiano Unite Gallery Lite.This issue affects Unite Gallery Lite: from n/a through 1.7.62.
Affected versions: Min -, max -.
Status: vulnerable