This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Unitegallery | First view | 2019-09-26 |
| Product | Unite Gallery Lite | Last view | 2023-08-30 |
| Version | * | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | wordpress | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:unitegallery:unite_gallery_lite | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.8 | 2023-08-30 | CVE-2023-34183 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <=Â 1.7.61 versions. |
| 6.5 | 2019-09-26 | CVE-2015-9447 | The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin.php galleryid or id parameters. |
| 8.8 | 2019-09-26 | CVE-2015-9446 | The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. |
| 8.8 | 2019-09-26 | CVE-2015-9445 | The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 66% (2) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 33% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
