Photo Gallery

photo_gallery

Vendor: Ays Pro • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-37442 1Ays Pro 1Photo Gallery Nov 21, 2024 Jul 9, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection.This issue affects Photo Gallery by Ays: f...Show more Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection.This issue affects Photo Gallery by Ays: from n/a before 5.7.1.Show less
CVE-2023-39917 1Ays Pro 1Photo Gallery Nov 21, 2024 Oct 3, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.
CVE-2023-32107 1Ays Pro 1Photo Gallery Nov 21, 2024 Aug 18, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions.
CVE-2023-2568 1Ays Pro 1Photo Gallery Nov 21, 2024 Jun 12, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users s...Show more The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2021-24462 1Ays Pro 1Photo Gallery Nov 21, 2024 Aug 2, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in S...Show more The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboardShow less
CVE-2016-10921 1Ays Pro 1Photo Gallery Nov 21, 2024 Aug 22, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.