WordPress Plugin Vulnerabilities

Easy Media Gallery < 1.3.0 - CSRF & Cross-Site Scripting (XSS)

Description

Most of the AJAX actions from the plugin v1.2.59 and below are lacking capability and in some cases CSRF checks as well, which could lead to unauthorised actions being performed and Cross-Site Scripting issues.

Affects Plugins

Plugin icon
easy-media-gallery-pro
Fixed in 1.3.0

References

URL
https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-1/

Miscellaneous

Original Researcher
Voxel@Night
Verified
No
WPVDB ID
a2e1b860-c640-408b-97a9-552dd7ade050

Timeline

Publicly Published
2014-09-17 (about 11 years ago)
Added
2014-09-17 (about 11 years ago)
Last Updated
2021-01-16 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Spider Catalog - Cross-Site Scripting & SQL Injection Vulnerabilities
Published
2014-08-01
Title
WordPress <= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass
Published
2014-08-01
Title
Pinterest "Pin It" Button Lite 1.3.1 - Multiple Unspecified Vulnerabilities
Published
2020-02-24
Title
Ultimate Membership Pro < 8.6.2 - Multiple CSRF Issues via AJAX Calls, Insufficient Filename Entropy
Published
2019-07-08
Title
WP Custom Body Class <= 0.7.0 - CSRF to Stored XSS and Settings Update