Envira Photo Gallery
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-54190 | Med | 0.42 | 6.5 | — | Jun 16, 2026 | Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions. | ||
| CVE-2025-12377 | Med | 0.21 | 4.3 | 0.00 | Nov 13, 2025 | The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated… | ||
| CVE-2023-6742 | Med | 0.21 | 4.3 | 0.00 | Jan 11, 2024 | The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it… | ||
| CVE-2020-9334 | 0.00 | — | 0.01 | Feb 25, 2020 | A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow a authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. |
- risk 0.42cvss 6.5epss —
Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.
- risk 0.21cvss 4.3epss 0.00
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated…
- risk 0.21cvss 4.3epss 0.00
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it…
- CVE-2020-9334Feb 25, 2020risk 0.00cvss —epss 0.01
A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow a authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.