Image Gallery
by WordPress
Source repositories
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49394 | Hig | 0.46 | 7.1 | 0.00 | Nov 6, 2025 | Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo… | ||
| CVE-2024-3896 | Med | 0.35 | 6.4 | 0.00 | Jul 24, 2024 | The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the Gallery title field in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it… | ||
| CVE-2024-13384 | Med | 0.31 | 4.8 | 0.00 | May 15, 2025 | The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability… | ||
| CVE-2024-10144 | Med | 0.31 | 4.8 | 0.00 | May 15, 2025 | The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html… | ||
| CVE-2022-1327 | Med | 0.31 | 4.8 | 0.01 | Jun 27, 2022 | The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||
| CVE-2026-1254 | Med | 0.21 | 4.3 | 0.00 | Feb 14, 2026 | The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly verifying that a user is authorized to modify specific posts before updating… | ||
| CVE-2025-14003 | Med | 0.21 | 4.3 | 0.00 | Dec 15, 2025 | The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `add_images_to_gallery_callback()` function in all versions up to, and including, 2.13.3. This makes it possible for… | ||
| CVE-2024-9824 | Med | 0.21 | 4.3 | 0.00 | Oct 12, 2024 | The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2. This makes it possible… | ||
| CVE-2024-10102 | Low | 0.18 | 2.7 | 0.01 | Jan 7, 2025 | The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | ||
| CVE-2025-13645 | 0.00 | — | 0.01 | Dec 3, 2025 | The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above,… |
- risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo…
- risk 0.35cvss 6.4epss 0.00
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the Gallery title field in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it…
- risk 0.31cvss 4.8epss 0.00
The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability…
- risk 0.31cvss 4.8epss 0.00
The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html…
- risk 0.31cvss 4.8epss 0.01
The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
- risk 0.21cvss 4.3epss 0.00
The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly verifying that a user is authorized to modify specific posts before updating…
- risk 0.21cvss 4.3epss 0.00
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `add_images_to_gallery_callback()` function in all versions up to, and including, 2.13.3. This makes it possible for…
- risk 0.21cvss 4.3epss 0.00
The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2. This makes it possible…
- risk 0.18cvss 2.7epss 0.01
The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
- CVE-2025-13645Dec 3, 2025risk 0.00cvss —epss 0.01
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above,…