Vulnerabilities and security researches forwp-easy-gallery wp-easy-gallery

Jun 07, 2024

CVE, Research URL: ab07689cea09dc1b31a6168441b576a38459ecee
Home page URL: Security reports for WP Easy Gallery – WordPress Gallery Plugin
Application: WP Easy Gallery – WordPress Gallery Plugin
Date: Jan 26, 2016
Research Description: WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 1.8 WordPress WP Easy Gallery Plugin <= 2.7 - Cross Site Request Forgery This plugin is prone to a cross site request forgery vulnerability. Upgrade this plugin.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2013-6837
Home page URL: Security reports for WP Easy Gallery – WordPress Gallery Plugin
Application: WP Easy Gallery – WordPress Gallery Plugin
Date: Dec 19, 2013
Research Description: Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.
Affected versions: Min -, max -.
Status: vulnerable

Sep 25, 2024

CVE, Research URL: CVE-2024-8436
Home page URL: Security reports for WP Easy Gallery – WordPress Gallery Plugin
Application: WP Easy Gallery – WordPress Gallery Plugin
Date: Sep 25, 2024
Research Description: The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'edit_imageId' and 'edit_imageDelete' parameters in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-8437
Home page URL: Security reports for WP Easy Gallery – WordPress Gallery Plugin
Application: WP Easy Gallery – WordPress Gallery Plugin
Date: Sep 25, 2024
Research Description: The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify galleries.
Affected versions: Min -, max -.
Status: vulnerable

Oct 01, 2024

CVE, Research URL: CVE-2024-9018
Home page URL: Security reports for WP Easy Gallery – WordPress Gallery Plugin
Application: WP Easy Gallery – WordPress Gallery Plugin
Date: Oct 01, 2024
Research Description: The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: Min -, max -.
Status: vulnerable