cleantalk
Vulnerabilities and Security Researches

Portfolio Responsive Gallery, CVE-2021-24457

CVE, Research URL

CVE-2021-24457

Home page URL

Security reports for Portfolio Responsive Gallery

Application

Portfolio Responsive Gallery

Published on
Aug 02, 2021
Research Description
The get_portfolios() and get_portfolio_attributes() functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
Affected versions
max 1.1.8.
Status
vulnerable
Previous vulnerability researches
Portfolio Responsive Gallery (CVE-2021-24457) , Jun 06, 2024
Portfolio Responsive Gallery (bd2e0643-c83b-4ca6-9332-66e4c49252ba) , Jun 16, 2026
Portfolio Responsive Gallery (16f0b7a49c93613f83413fb79c8afc52367cf91b) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar – Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026