Inpost Gallery
by WordPress
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-4063 | | Cri | 0.64 | 9.8 | 0.10 | | Dec 19, 2022 | The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. |
| CVE-2026-39574 | | Cri | 0.60 | 9.3 | 0.00 | | Jun 16, 2026 | Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions. |
| CVE-2025-57889 | | Hig | 0.49 | 7.5 | 0.00 | | Sep 5, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 InPost Gallery inpost-gallery allows PHP Local File Inclusion. This issue affects InPost Gallery: from n/a through <= 2.1.4.5. |
| CVE-2023-28666 | | Med | 0.35 | 5.4 | 0.00 | | Mar 22, 2023 | The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user. |
| CVE-2025-26903 | | Med | 0.28 | 4.3 | 0.00 | | Apr 15, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery. This issue affects InPost Gallery: from n/a through <= 2.1.4.3. |
| CVE-2024-11002 | | | 0.00 | — | 0.01 | | Nov 26, 2024 | The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not… |