The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. This...
8.8CVSS
8.4AI Score
0.0004EPSS
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. This...
8.8CVSS
6.8AI Score
0.0004EPSS
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. This...
8.8CVSS
0.0004EPSS
The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGM_all_photos_details' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...
8.8CVSS
8.8AI Score
0.001EPSS
The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
9.3CVSS
9.1AI Score
0.001EPSS
The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGM_all_photos_details' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...
8.8CVSS
0.001EPSS
The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
9.3CVSS
0.001EPSS
The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGM_all_photos_details' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...
8.8CVSS
7.2AI Score
0.001EPSS
The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGM_all_photos_details' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...
8.8CVSS
0.001EPSS
The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
9.3CVSS
7AI Score
0.001EPSS
The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
9.3CVSS
0.001EPSS
Photo Gallery by 10Web <= 1.8.25 - Missing Authorization
Description The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.25. This makes it possible for authenticated attackers, with Subscriber-level...
4.3CVSS
6.4AI Score
0.0004EPSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...
0.0004EPSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...
5.6AI Score
0.0004EPSS
CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...
0.0004EPSS
Photo Gallery by 10Web < 1.8.22 - Multiple Reflected XSS
Description The plugin is vulnerable to Reflected Cross-Site Scripting via the 'image_id', 'current_url', 'image_url' and 'thumb_url' parameters due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages....
5.4CVSS
6.4AI Score
0.0004EPSS
7AI Score
0.0004EPSS
7.5AI Score
0.0004EPSS
0.0004EPSS
0.0004EPSS
0.0004EPSS
0.0004EPSS
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and...
6.4CVSS
6.8AI Score
0.0004EPSS
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...
9.8CVSS
9.8AI Score
0.001EPSS
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...
9.8CVSS
0.001EPSS
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and...
6.4CVSS
0.0004EPSS
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and...
6.4CVSS
0.0004EPSS
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...
9.8CVSS
0.001EPSS
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...
9.8CVSS
8.2AI Score
0.001EPSS
8.8CVSS
6.5AI Score
0.001EPSS
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
0.0004EPSS
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
0.0004EPSS
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
0.0004EPSS
Description The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to...
6.4CVSS
7.9AI Score
0.0004EPSS
Description The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary...
9.8CVSS
8.2AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.9AI Score
EPSS
Operation Celestial Force employs mobile and desktop malware to target Indian entities
By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...
7.2AI Score
The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...
0.0004EPSS
The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...
5.7AI Score
0.0004EPSS
CVE-2024-2762 FooGallery < 2.4.15 - Author+ Stored XSS
The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...
0.0004EPSS
CVE-2024-2762 FooGallery < 2.4.15 - Author+ Stored XSS
The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...
5.9AI Score
0.0004EPSS
Description The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.7AI Score
0.0004EPSS
Description The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...
6.5CVSS
5.8AI Score
0.0004EPSS
Description The Gallery – Image and Video Gallery with Thumbnails plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it.....
8.5CVSS
7.2AI Score
0.0004EPSS
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...
6.1CVSS
5.4AI Score
0.0004EPSS
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...
6.1CVSS
5.9AI Score
0.0004EPSS
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...
6.1CVSS
0.0004EPSS
CVE-2024-37304 NuGetGallery's Markdown Autolinks Processing Vulnerable to Cross-site Scripting
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...
6.1CVSS
0.0004EPSS
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization...
6.4CVSS
5.8AI Score
0.0004EPSS
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization...
6.4CVSS
0.0004EPSS