← Back

Unitegallery

unitegallery

4 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Unite Gallery Lite
unite_gallery_lite
4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-34183
1Unitegallery
1Unite Gallery Lite
Jun 17, 2026
Aug 30, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions.
CVE-2015-9447
1Unitegallery
1Unite Gallery Lite
Nov 21, 2024
Sep 26, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters.
CVE-2015-9446
1Unitegallery
1Unite Gallery Lite
Nov 21, 2024
Sep 26, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.
CVE-2015-9445
1Unitegallery
1Unite Gallery Lite
Nov 21, 2024
Sep 26, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.