Filtered by vendor Contest Gallery
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-39631 | 2 Contest-gallery, Contest Gallery | 2 Contest Gallery, Contest Gallery | 2024-09-11 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 23.1.2. | ||||
CVE-2021-24915 | 1 Contest Gallery | 1 Contest Gallery | 2024-08-03 | 9.8 Critical |
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address |
Page 1 of 1.