VYPR

Gallery Plugin

by WordPress

Source repositories

CVEs (12)

  • CVE-2022-4060CriJan 16, 2023
    risk 0.67cvss 9.8epss 0.43

    The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.

  • CVE-2012-4919CriJan 22, 2020
    risk 0.64cvss 9.8epss 0.03

    Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability

  • CVE-2023-3154HigOct 16, 2023
    risk 0.49cvss 7.5epss 0.01

    The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.

  • CVE-2023-3155HigOct 16, 2023
    risk 0.47cvss 7.2epss 0.01

    The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.

  • CVE-2025-23842HigJan 16, 2025
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Nilesh Shiragave WordPress Gallery Plugin wordpress-gallery-plugin allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin: from n/a through <= 1.4.

  • CVE-2024-13906HigMar 7, 2025
    risk 0.40cvss 7.2epss 0.01

    The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'import_gallery_from_csv' function. This makes…

  • CVE-2022-2190MedOct 31, 2022
    risk 0.40cvss 6.1epss 0.01

    The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

  • CVE-2023-3279MedOct 16, 2023
    risk 0.32cvss 4.9epss 0.01

    The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks

  • CVE-2024-3899MedSep 11, 2024
    risk 0.31cvss 4.8epss 0.00

    The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform Cross-Site Scripting attacks.

  • CVE-2024-3582MedMay 14, 2024
    risk 0.31cvss 4.8epss 0.00

    The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

  • CVE-2022-4142MedJan 2, 2023
    risk 0.31cvss 4.8epss 0.00

    The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filters passed in the ufg_gallery_filters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the…

  • CVE-2021-24903MedFeb 28, 2022
    risk 0.31cvss 4.8epss 0.01

    The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.