cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11002,https://securityvulnerability.io/vulnerability/CVE-2024-11002,Arbitrary Shortcode Execution Vulnerability in InPost Gallery Plugin,"The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.",Wordpress,Inpost Gallery,6.3,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-11-26T06:43:44.633Z,0
CVE-2023-28666,https://securityvulnerability.io/vulnerability/CVE-2023-28666,Reflected Cross-Site Scripting Vulnerability in InPost Gallery WordPress Plugin,"The InPost Gallery WordPress plugin, specifically versions prior to 2.2.2, exposes a reflected cross-site scripting vulnerability through the 'imgurl' parameter in the add_inpost_gallery_slide_item action. This security flaw allows authenticated users to inject malicious scripts, potentially leading to data theft or unauthorized actions within the affected environment.",Wordpress,InPost Gallery WordPress Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-03-22T00:00:00.000Z,0
CVE-2022-4063,https://securityvulnerability.io/vulnerability/CVE-2022-4063,InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE,"The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.",Wordpress,Inpost Gallery,9.8,CRITICAL,0.046220000833272934,false,,false,false,true,true,false,false,2022-12-19T13:41:37.739Z,0