WordPress Plugin Vulnerabilities

Unite Gallery Lite < 1.5 - CSRF & Authenticated SQL Injection

Description

The Unite Gallery Lite WordPress plugin was affected by a CSRF & Authenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
unite-gallery-lite
Fixed in 1.5

References

CVE
CVE-2015-9447
CVE
CVE-2015-9446
CVE
CVE-2015-9445
Exploitdb
37705
URL
https://packetstormsecurity.com/files/#132842/
URL
https://seclists.org/fulldisclosure/2015/Jul/114
URL
https://plugins.trac.wordpress.org/changeset/1178586/unite-gallery-lite

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
59e9100b-6b3d-42f5-b38e-59e72305b15d

Timeline

Publicly Published
2015-07-25 (about 10 years ago)
Added
2015-07-25 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-12-14
Title
Lightbox Photo Gallery 1.0 - CSRF/XSS
Published
2016-07-19
Title
Icegram <= 1.9.18 - Cross-Site Request Forgery (CSRF) & XSS
Published
2015-11-21
Title
WP RSS Multi Importer <= 3.15 - Blind SQL Injection & Cross-Site Scripting (XSS)
Published
2019-05-25
Title
Related YouTube Videos <= 1.9.8 - CSRF & XSS
Published
2019-08-12
Title
Cforms & CformsII <= 15.0.1 - Unauthenticated HTML Injection & CSRF