cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9776,https://securityvulnerability.io/vulnerability/CVE-2024-9776,Stored Cross-Site Scripting Vulnerability Affects ImagePress Image Gallery Plugin,"The ImagePress – Image Gallery plugin for WordPress has a vulnerability allowing for Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This vulnerability affects all versions of the plugin up to and including 1.2.2. Authenticated attackers with administrator-level permissions can exploit this issue to inject arbitrary web scripts into WordPress pages, executing them whenever a user accesses an affected page. Only multi-site installations and setups with unfiltered_html disabled are impacted, potentially exposing sensitive user data and undermining website integrity.",Wordpress,Imagepress – Image Gallery,4.8,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-10-12T05:39:41.095Z,0
CVE-2024-9824,https://securityvulnerability.io/vulnerability/CVE-2024-9824,Unauthorized Modification and Data Loss Vulnerability in ImagePress Image Gallery Plugin,"The ImagePress – Image Gallery plugin for WordPress has a security flaw that enables authenticated users with Subscriber-level access and above to modify and delete content. This vulnerability arises from a lack of capability checks in the 'ip_delete_post' and 'ip_update_post_title' functions, making it feasible for attackers to execute unauthorized actions on posts. Users should immediately check and update their plugins to mitigate potential risks associated with this vulnerability.",Wordpress,Imagepress – Image Gallery,4.3,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-10-12T05:39:39.419Z,0
CVE-2024-9778,https://securityvulnerability.io/vulnerability/CVE-2024-9778,Cross-Site Request Forgery Vulnerability in ImagePress Image Gallery Plugin,"The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepress_admin_page' function. This makes it possible for unauthenticated attackers to update plugin settings, including redirection URLs, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Imagepress – Image Gallery,4.3,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2024-10-12T05:39:38.745Z,0