VYPR

Gallery for Social Photo

by WordPress

CVEs (3)

  • CVE-2019-14467HigNov 18, 2019
    risk 0.51cvss 7.8epss 0.02

    The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked.

  • CVE-2025-26742MedMar 25, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo feed-instagram-lite allows Stored XSS.This issue affects Gallery for Social Photo: from n/a through <= 1.0.0.35.

  • CVE-2022-2224MedJul 18, 2022
    risk 0.35cvss 5.4epss 0.00

    The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. This make it possible for unauthenticated…