Vulnerabilities > Unitegallery > Unite Gallery Lite > High

DATE CVE VULNERABILITY TITLE RISK
2019-09-26 CVE-2015-9446 SQL Injection vulnerability in Unitegallery Unite Gallery Lite
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.
network
low complexity
unitegallery CWE-89
8.8
8.8
2019-09-26 CVE-2015-9445 Cross-Site Request Forgery (CSRF) vulnerability in Unitegallery Unite Gallery Lite
The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQL injection via wp-admin/admin-ajax.php in a unitegallery_ajax_action operation.
network
low complexity
unitegallery CWE-352
8.8
8.8