Search Results | AttackerKB

Show filters

Topics 31 Users 9,712

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

31 Total Results

Displaying 21-30 of 31

Attacker Value

Unknown

CVE-2018-18019

Disclosure Date: April 15, 2019 (last updated November 27, 2024)

XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter.

0

Attacker Value

Unknown

CVE-2018-18017

Disclosure Date: April 15, 2019 (last updated November 27, 2024)

XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

0

Attacker Value

Unknown

CVE-2018-17946

Disclosure Date: October 03, 2018 (last updated November 27, 2024)

The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter.

0

Attacker Value

Unknown

CVE-2017-1002015

Disclosure Date: September 14, 2017 (last updated November 26, 2024)

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter.

0

Attacker Value

Unknown

CVE-2017-1002012

Disclosure Date: September 14, 2017 (last updated November 26, 2024)

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.

0

Attacker Value

Unknown

CVE-2017-1002013

Disclosure Date: September 14, 2017 (last updated November 26, 2024)

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.

0

Attacker Value

Unknown

CVE-2017-1002011

Disclosure Date: September 14, 2017 (last updated November 26, 2024)

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database.

0

Attacker Value

Unknown

CVE-2017-1002014

Disclosure Date: September 14, 2017 (last updated November 26, 2024)

Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.

0

Attacker Value

Unknown

CVE-2014-8375

Disclosure Date: October 21, 2014 (last updated October 05, 2023)

SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.

0

Attacker Value

Unknown

CVE-2014-5460

Disclosure Date: September 11, 2014 (last updated October 05, 2023)

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.

0