VYPR

New Grid Gallery

by WordPress

CVEs (2)

  • CVE-2024-1897HigMay 2, 2024
    risk 0.49cvss 7.5epss 0.01

    The Grid Gallery – Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization via shortcode of untrusted input from the awl_gg_settings_ meta value. This makes it possible for…

  • CVE-2021-24529MedAug 23, 2021
    risk 0.35cvss 5.4epss 0.01

    The Grid Gallery – Photo Image Grid Gallery WordPress plugin before 1.2.5 does not properly sanitize the title field for image galleries when adding them via the admin dashboard, resulting in an authenticated Stored Cross-Site Scripting vulnerability.