VYPR

Inpost Gallery

by WordPress

Source repositories

CVEs (6)

  • CVE-2022-4063 · Critical · Dec 19, 2022
    risk 0.64 · cvss 9.8 · epss 0.10

    The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.

  • CVE-2026-39574 · Critical · Jun 16, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.

  • CVE-2025-57889 · High · Sep 5, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 InPost Gallery inpost-gallery allows PHP Local File Inclusion. This issue affects InPost Gallery: from n/a through <= 2.1.4.5.

  • CVE-2023-28666 · Medium · Mar 22, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user.

  • CVE-2025-26903 · Medium · Apr 15, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery. This issue affects InPost Gallery: from n/a through <= 2.1.4.3.

  • CVE-2024-11002 · Nov 26, 2024
    risk 0.00 · cvss · epss 0.01

    The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not…