VYPR

Gallery

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-26778MedFeb 17, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Gallery gallery allows Stored XSS.This issue affects Gallery: from n/a through <= 2.2.1.

  • CVE-2022-1946Jul 4, 2022
    risk 0.00cvss epss 0.01

    The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue