cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10102,https://securityvulnerability.io/vulnerability/CVE-2024-10102,Stored Cross-Site Scripting in Rbs Image Gallery Plugin for WordPress,"The Rbs Image Gallery plugin for WordPress, specifically versions prior to 3.2.22, lacks proper sanitization and escaping of certain Gallery settings. This oversight opens the door for high-privilege users, such as contributors, to carry out Stored Cross-Site Scripting (XSS) attacks. Successful exploitation could lead to the injection of malicious scripts, potentially compromising the security of the website and its users.",Wordpress,"Photo Gallery, Images, Slider In Rbs Image Gallery",,,0.0004299999854993075,false,,false,false,true,true,false,false,2025-01-07T06:00:02.472Z,0
CVE-2024-8431,https://securityvulnerability.io/vulnerability/CVE-2024-8431,Unauthorized Access to Private Post Titles in Rbs Image Gallery Plugin,"The Rbs Image Gallery plugin for WordPress features a security flaw that enables unauthorized data access due to a lack of necessary capability checks within the ajaxGetGalleryJson() function. This vulnerability impacts all versions up to and including 3.2.21, allowing authenticated users with subscriber-level access or higher to exploit the weakness and retrieve private post titles, compromising data confidentiality and user privacy.",Wordpress,"Photo Gallery, Images, Slider In Rbs Image Gallery",4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-10-08T11:34:18.616Z,0
CVE-2024-3896,https://securityvulnerability.io/vulnerability/CVE-2024-3896,Stored Cross-Site Scripting Vulnerability in Rbs Image Gallery Plugin,"The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery title field in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Photo Gallery, Images, Slider In Rbs Image Gallery",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-24T12:43:37.687Z,0
CVE-2024-3894,https://securityvulnerability.io/vulnerability/CVE-2024-3894,Stored Cross-Site Scripting Vulnerability in Image Gallery Plugin,"The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an Image Title in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Photo Gallery, Images, Slider In Rbs Image Gallery",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-19T06:55:46.035Z,0
CVE-2024-5343,https://securityvulnerability.io/vulnerability/CVE-2024-5343,Cross-Site Request Forgery Vulnerability in Image Gallery Plugin,"The Rbs Image Gallery plugin for WordPress is affected by a vulnerability that enables Cross-Site Request Forgery (CSRF) attacks. This vulnerability stems from insufficient or incorrect nonce validation in the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. Attackers can exploit this weakness to deceive users with Contributor+ privileges into executing unauthorized actions, such as creating new posts or resetting gallery view counts, simply by clicking on malicious links. This poses a significant risk to the integrity of user-generated content and could lead to unwanted changes in the gallery's settings.",Wordpress,"Photo Gallery, Images, Slider In Rbs Image Gallery",8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-19T05:37:42.737Z,0
CVE-2023-3499,https://securityvulnerability.io/vulnerability/CVE-2023-3499,Robo Gallery < 3.2.16 - Admin+ Stored XSS,"The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,"Photo Gallery, Images, Slider in Rbs Image Gallery",4.8,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2023-09-04T12:15:00.000Z,0