VYPR

Image Gallery

by WordPress

Source repositories

CVEs (10)

  • CVE-2025-49394HigNov 6, 2025
    risk 0.46cvss 7.1epss 0.00

    Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo…

  • CVE-2024-3896MedJul 24, 2024
    risk 0.35cvss 6.4epss 0.00

    The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the Gallery title field in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2024-13384MedMay 15, 2025
    risk 0.31cvss 4.8epss 0.00

    The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability…

  • CVE-2024-10144MedMay 15, 2025
    risk 0.31cvss 4.8epss 0.00

    The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html…

  • CVE-2022-1327MedJun 27, 2022
    risk 0.31cvss 4.8epss 0.01

    The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

  • CVE-2026-1254MedFeb 14, 2026
    risk 0.21cvss 4.3epss 0.00

    The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.13.6. This is due to the plugin not properly verifying that a user is authorized to modify specific posts before updating…

  • CVE-2025-14003MedDec 15, 2025
    risk 0.21cvss 4.3epss 0.00

    The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `add_images_to_gallery_callback()` function in all versions up to, and including, 2.13.3. This makes it possible for…

  • CVE-2024-9824MedOct 12, 2024
    risk 0.21cvss 4.3epss 0.00

    The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2. This makes it possible…

  • CVE-2024-10102LowJan 7, 2025
    risk 0.18cvss 2.7epss 0.01

    The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

  • CVE-2025-13645Dec 3, 2025
    risk 0.00cvss epss 0.01

    The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above,…