Vendor CVEs
Piwigo
All CVEs
107 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-43018 | 0.00 | — | 0.00 | Jul 29, 2025 | Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in ws_user_gerList function from file include\ws_functions\pwg.users.php and this same function is called by ws.php file at some point can be used for… | |||
| CVE-2024-52701 | 0.00 | — | 0.00 | Nov 20, 2024 | A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter. | |||
| CVE-2024-48311 | 0.00 | — | 0.00 | Oct 31, 2024 | Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album function. | |||
| CVE-2024-46605 | 0.00 | — | 0.00 | Oct 16, 2024 | A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. | |||
| CVE-2024-46606 | 0.00 | — | 0.00 | Oct 16, 2024 | A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. | |||
| CVE-2024-46333 | 0.00 | — | 0.00 | Sep 27, 2024 | An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function. | |||
| CVE-2024-28662 | 0.00 | — | 0.00 | Mar 13, 2024 | A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php. | |||
| CVE-2024-26450 | 0.00 | — | 0.00 | Feb 28, 2024 | An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's dashboard, executing… | |||
| CVE-2023-51790 | 0.00 | — | 0.01 | Jan 12, 2024 | Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. | |||
| CVE-2023-44393 | 0.00 | — | 0.01 | Oct 9, 2023 | Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the` /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an attacker to inject… | |||
| CVE-2023-37270 | 0.00 | — | 0.04 | Jul 7, 2023 | Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when… | |||
| CVE-2023-34626 | 0.00 | — | 0.01 | Jun 15, 2023 | Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function. | |||
| CVE-2023-33359 | 0.00 | — | 0.00 | May 23, 2023 | Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function. | |||
| CVE-2023-33361 | 0.00 | — | 0.01 | May 23, 2023 | Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. | |||
| CVE-2023-27233 | 0.00 | — | 0.01 | May 17, 2023 | Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php. | |||
| CVE-2022-48007 | 0.00 | — | 0.00 | Jan 27, 2023 | A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent. | |||
| CVE-2014-125053 | 0.00 | — | 0.01 | Jan 6, 2023 | A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading… | |||
| CVE-2022-37183 | 0.00 | — | 0.01 | Aug 31, 2022 | Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. | |||
| CVE-2022-32297 | 0.00 | — | 0.01 | Jul 14, 2022 | Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function. | |||
| CVE-2021-40553 | 0.00 | — | 0.02 | Jun 28, 2022 | piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. | |||
| CVE-2021-40678 | 0.00 | — | 0.00 | Jun 14, 2022 | In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit. | |||
| CVE-2021-40317 | 0.00 | — | 0.01 | May 26, 2022 | Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter. | |||
| CVE-2020-19217 | 0.00 | — | 0.01 | May 6, 2022 | SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager. | |||
| CVE-2020-19216 | 0.00 | — | 0.01 | May 6, 2022 | SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm. | |||
| CVE-2020-19215 | 0.00 | — | 0.01 | May 6, 2022 | SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm. | |||
| CVE-2020-19213 | 0.00 | — | 0.16 | May 6, 2022 | SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories. | |||
| CVE-2020-19212 | 0.00 | — | 0.01 | May 6, 2022 | SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete. | |||
| CVE-2022-26267 | 0.00 | — | 0.01 | Mar 18, 2022 | Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. | |||
| CVE-2022-26266 | 0.00 | — | 0.01 | Mar 18, 2022 | Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. | |||
| CVE-2022-24620 | 0.00 | — | 0.01 | Feb 23, 2022 | Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access. | |||
| CVE-2021-45357 | 0.00 | — | 0.01 | Feb 10, 2022 | Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php. | |||
| CVE-2016-3735 | 0.00 | — | 0.01 | Jan 28, 2022 | Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker… | |||
| CVE-2021-40882 | 0.00 | — | 0.01 | Dec 14, 2021 | A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. | |||
| CVE-2021-40313 | 0.00 | — | 0.01 | Dec 6, 2021 | Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. | |||
| CVE-2020-22150 | 0.00 | — | 0.01 | Jul 21, 2021 | A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | |||
| CVE-2020-22148 | 0.00 | — | 0.01 | Jul 21, 2021 | A stored cross site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | |||
| CVE-2021-32615 | 0.00 | — | 0.02 | May 13, 2021 | Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection. | |||
| CVE-2021-31783 | 0.00 | — | 0.01 | Apr 26, 2021 | show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check. | |||
| CVE-2014-8944 | 0.00 | — | 0.01 | Jun 1, 2020 | Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter. | |||
| CVE-2020-8089 | 0.00 | — | 0.01 | Feb 10, 2020 | Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page. | |||
| CVE-2012-4526 | 0.00 | — | 0.01 | Dec 2, 2019 | piwigo has XSS in password.php (incomplete fix for CVE-2012-4525) | |||
| CVE-2012-4525 | 0.00 | — | 0.01 | Dec 2, 2019 | piwigo has XSS in password.php | |||
| CVE-2019-13364 | 0.00 | — | 0.01 | Sep 13, 2019 | admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. | |||
| CVE-2019-13363 | 0.00 | — | 0.01 | Sep 13, 2019 | admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit… | |||
| CVE-2015-2035 | 0.00 | — | 0.02 | Feb 20, 2015 | SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php. | |||
| CVE-2015-2034 | 0.00 | — | 0.02 | Feb 20, 2015 | Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php. | |||
| CVE-2015-1517 | 0.00 | — | 0.03 | Feb 20, 2015 | SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php. | |||
| CVE-2015-1441 | 0.00 | — | 0.01 | Feb 3, 2015 | SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2014-3900 | 0.00 | — | 0.02 | Aug 17, 2014 | Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649. | |||
| CVE-2014-1980 | 0.00 | — | 0.01 | Aug 14, 2014 | Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif metadata within an image uploaded to the Community plugin. |
- CVE-2024-43018Jul 29, 2025risk 0.00cvss —epss 0.00
Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in ws_user_gerList function from file include\ws_functions\pwg.users.php and this same function is called by ws.php file at some point can be used for…
- CVE-2024-52701Nov 20, 2024risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter.
- CVE-2024-48311Oct 31, 2024risk 0.00cvss —epss 0.00
Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album function.
- CVE-2024-46605Oct 16, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
- CVE-2024-46606Oct 16, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
- CVE-2024-46333Sep 27, 2024risk 0.00cvss —epss 0.00
An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function.
- CVE-2024-28662Mar 13, 2024risk 0.00cvss —epss 0.00
A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php.
- CVE-2024-26450Feb 28, 2024risk 0.00cvss —epss 0.00
An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's dashboard, executing…
- CVE-2023-51790Jan 12, 2024risk 0.00cvss —epss 0.01
Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component.
- CVE-2023-44393Oct 9, 2023risk 0.00cvss —epss 0.01
Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the` /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an attacker to inject…
- CVE-2023-37270Jul 7, 2023risk 0.00cvss —epss 0.04
Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when…
- CVE-2023-34626Jun 15, 2023risk 0.00cvss —epss 0.01
Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.
- CVE-2023-33359May 23, 2023risk 0.00cvss —epss 0.00
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function.
- CVE-2023-33361May 23, 2023risk 0.00cvss —epss 0.01
Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php.
- CVE-2023-27233May 17, 2023risk 0.00cvss —epss 0.01
Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.
- CVE-2022-48007Jan 27, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.
- CVE-2014-125053Jan 6, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading…
- CVE-2022-37183Aug 31, 2022risk 0.00cvss —epss 0.01
Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list.
- CVE-2022-32297Jul 14, 2022risk 0.00cvss —epss 0.01
Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function.
- CVE-2021-40553Jun 28, 2022risk 0.00cvss —epss 0.02
piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.
- CVE-2021-40678Jun 14, 2022risk 0.00cvss —epss 0.00
In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit.
- CVE-2021-40317May 26, 2022risk 0.00cvss —epss 0.01
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.
- CVE-2020-19217May 6, 2022risk 0.00cvss —epss 0.01
SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.
- CVE-2020-19216May 6, 2022risk 0.00cvss —epss 0.01
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm.
- CVE-2020-19215May 6, 2022risk 0.00cvss —epss 0.01
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm.
- CVE-2020-19213May 6, 2022risk 0.00cvss —epss 0.16
SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories.
- CVE-2020-19212May 6, 2022risk 0.00cvss —epss 0.01
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.
- CVE-2022-26267Mar 18, 2022risk 0.00cvss —epss 0.01
Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php.
- CVE-2022-26266Mar 18, 2022risk 0.00cvss —epss 0.01
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.
- CVE-2022-24620Feb 23, 2022risk 0.00cvss —epss 0.01
Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access.
- CVE-2021-45357Feb 10, 2022risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php.
- CVE-2016-3735Jan 28, 2022risk 0.00cvss —epss 0.01
Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker…
- CVE-2021-40882Dec 14, 2021risk 0.00cvss —epss 0.01
A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location.
- CVE-2021-40313Dec 6, 2021risk 0.00cvss —epss 0.01
Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php.
- CVE-2020-22150Jul 21, 2021risk 0.00cvss —epss 0.01
A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML.
- CVE-2020-22148Jul 21, 2021risk 0.00cvss —epss 0.01
A stored cross site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML.
- CVE-2021-32615May 13, 2021risk 0.00cvss —epss 0.02
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
- CVE-2021-31783Apr 26, 2021risk 0.00cvss —epss 0.01
show_default.php in the LocalFilesEditor extension before 11.4.0.1 for Piwigo allows Local File Inclusion because the file parameter is not validated with a proper regular-expression check.
- CVE-2014-8944Jun 1, 2020risk 0.00cvss —epss 0.01
Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.
- CVE-2020-8089Feb 10, 2020risk 0.00cvss —epss 0.01
Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.
- CVE-2012-4526Dec 2, 2019risk 0.00cvss —epss 0.01
piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)
- CVE-2012-4525Dec 2, 2019risk 0.00cvss —epss 0.01
piwigo has XSS in password.php
- CVE-2019-13364Sep 13, 2019risk 0.00cvss —epss 0.01
admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF.
- CVE-2019-13363Sep 13, 2019risk 0.00cvss —epss 0.01
admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit…
- CVE-2015-2035Feb 20, 2015risk 0.00cvss —epss 0.02
SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.
- CVE-2015-2034Feb 20, 2015risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php.
- CVE-2015-1517Feb 20, 2015risk 0.00cvss —epss 0.03
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
- CVE-2015-1441Feb 3, 2015risk 0.00cvss —epss 0.01
SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2014-3900Aug 17, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649.
- CVE-2014-1980Aug 14, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif metadata within an image uploaded to the Community plugin.
Page 2 of 3