Or Benit

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order by' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is exploitable by embedding a malicious shortcode in a post or draft, allowing the injected SQL to execute when the shortcode is rendered.

Name of the Vulnerable Software and Affected Versions Download Manager plugin for WordPress versions up to and including 3.3.51 Description The Download Manager plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check in the `makeMediaPublic()` and `makeMediaPrivate()` functions. These functions only verify the `edit posts` capability, failing to confirm post ownership using `current user can('edit post', $id)`. The destructive operations occur before the admin-level check in `mediaAccessControl()`. Authenticated attackers with Contributor-level access or higher can remove protection metadata (passwords, access restrictions, private flags) from any media file, even those they do not own, making admin-protected files publicly accessible via their direct URL. Recommendations Update to a version beyond 3.3.51.

**Name of the Vulnerable Software and Affected Versions** Enable Media Replace plugin for WordPress versions through 4.1.7 **Description** The Enable Media Replace plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to an insufficient capability check within the `RemoveBackGroundViewController::load` function. Authenticated attackers with Author-level access or higher can replace any attachment with a removed background attachment. **Recommendations** Update the Enable Media Replace plugin to a version later than 4.1.7.