Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Photo_gallery
(Ays\-Pro)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 6 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-07-09 | CVE-2024-37442 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection.This issue affects Photo Gallery by Ays: from n/a before 5.7.1. | Photo_gallery | 5.5 | ||
2021-08-02 | CVE-2021-24462 | The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard | Photo_gallery | 8.8 | ||
2023-06-12 | CVE-2023-2568 | The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | Photo_gallery | 6.1 | ||
2023-10-03 | CVE-2023-39917 | Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions. | Photo_gallery | 8.8 | ||
2023-08-18 | CVE-2023-32107 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions. | Photo_gallery | 6.1 | ||
2019-08-22 | CVE-2016-10921 | The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection. | Photo_gallery | 9.8 |