VYPR

Image Gallery – Photo Grid & Video Gallery

by WordPress

CVEs (2)

  • CVE-2025-13891MedDec 12, 2025
    risk 0.42cvss 6.5epss 0.00

    The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.13.3. This is due to the modula_list_folders AJAX endpoint that lacks proper path validation and base directory restrictions. While the…

  • CVE-2025-12494MedNov 15, 2025
    risk 0.21cvss 4.3epss 0.00

    The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_import_file function in all versions up to, and including, 2.12.28. This makes it possible for authenticated…