Robo Gallery
by WordPress
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5343 | | High | 0.50 | 8.8 | 0.00 | | Jun 19, 2024 | The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views'… |
| CVE-2026-4300 | | Med | 0.42 | 6.4 | 0.00 | | Apr 8, 2026 | The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in all versions up to, and including, 5.1.3. The plugin uses a custom `\|***...***\|` marker pattern in its `fixJsFunction()` method to embed raw JavaScript function… |
| CVE-2024-3894 | | Med | 0.42 | 6.4 | 0.00 | | Jun 19, 2024 | The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an Image Title in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it possible for… |
| CVE-2025-47521 | | Med | 0.38 | 5.9 | 0.00 | | May 7, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows Stored XSS. This issue affects Robo Gallery: from n/a through <= 5.0.2. |
| CVE-2024-49696 | | Med | 0.38 | 5.9 | 0.00 | | Oct 24, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows Stored XSS. This issue affects Robo Gallery: from n/a through <= 3.2.21. |
| CVE-2022-45841 | | Med | 0.35 | 5.4 | 0.00 | | Dec 13, 2024 | Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Robo Gallery: from n/a through 3.2.9. |
| CVE-2024-3896 | | Med | 0.35 | 6.4 | 0.00 | | Jul 24, 2024 | The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery title field in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it… |
| CVE-2024-34382 | | Med | 0.34 | 5.3 | 0.00 | | May 6, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery. This issue affects Robo Gallery: from n/a through 3.2.18. |
| CVE-2024-8431 | | Med | 0.21 | 4.3 | 0.00 | | Oct 8, 2024 | The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated… |