cleantalk
Vulnerabilities and Security Researches

Gallery Block (Meow Gallery), CVE-2021-24465

CVE, Research URL

CVE-2021-24465

Home page URL

Security reports for Gallery Block (Meow Gallery)

Application

Gallery Block (Meow Gallery)

Published on
Oct 04, 2021
Research Description
The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that could lead to data disclosure and arbitrary objects to be deserialized.
Affected versions
Min -, max 4.2.0.
Status
vulnerable
Previous vulnerability researches
Gallery Block (Meow Gallery) (CVE-2024-4386) , Jun 07, 2024
Gallery Block (Meow Gallery) (CVE-2021-24465) , Jun 07, 2024
Gallery Block (Meow Gallery) (CVE-2025-47449) , May 09, 2025
New vulnerability
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025