cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-6742,https://securityvulnerability.io/vulnerability/CVE-2023-6742,Unauthorized Data Modification Vulnerability in Envira Photo Gallery Plugin for WordPress,"The Envira Photo Gallery plugin for WordPress is susceptible to a vulnerability allowing authenticated attackers, with contributor access or higher, to execute unauthorized modifications of gallery data. This occurs due to inadequate capability checks in the 'envira_gallery_insert_images' function, thereby potentially affecting the integrity of media galleries across user posts. All versions up to and including 1.8.7.1 are impacted, making it crucial for users to apply available updates and ensure proper permissions for their WordPress installations. Immediate action is recommended to mitigate risks associated with this vulnerability.",Wordpress,Gallery Plugin for WordPress – Envira Photo Gallery,4.3,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2024-01-11T08:32:32.827Z,0
CVE-2022-2190,https://securityvulnerability.io/vulnerability/CVE-2022-2190,Envira Gallery Lite < 1.8.4.7 - Reflected Cross-Site Scripting,"The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers",Wordpress,Gallery Plugin For WordPress – Envira Photo Gallery,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2022-10-31T00:00:00.000Z,0