Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-9447 | 1 Unitegallery | 1 Unite Gallery Lite | 2019-09-27 | 4.3 MEDIUM | 6.5 MEDIUM |
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. | |||||
CVE-2015-9445 | 1 Unitegallery | 1 Unite Gallery Lite | 2019-09-26 | 6.8 MEDIUM | 8.8 HIGH |
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. | |||||
CVE-2015-9446 | 1 Unitegallery | 1 Unite Gallery Lite | 2019-09-26 | 6.5 MEDIUM | 8.8 HIGH |
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. |