| CVE-2026-5347 | WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter | mhmrajib | WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes | Medium | 5.3 | 2026-04-24 05:29:38 | Deep Dive |
| CVE-2026-4085 | Easy Social Photos Gallery <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrapper_class' Shortcode Attribute | maltathemes | Easy Social Photos Gallery – MIF | Medium | 6.4 | 2026-04-22 07:45:39 | Deep Dive |
| CVE-2026-6443 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | essentialplugin | Accordion and Accordion Slider | Critical | 9.8 | 2026-04-17 06:44:49 | Deep Dive |
| CVE-2026-1314 | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure | iberezansky | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | Medium | 5.3 | 2026-04-14 23:26:08 | Deep Dive |
| CVE-2026-4300 | Robo Gallery <= 5.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting | robosoft | Robo Gallery – Photo & Image Slider | Medium | 6.4 | 2026-04-08 09:25:50 | Deep Dive |
| CVE-2026-39510 | WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Insecure Direct Object References (IDOR) vulnerability | WP Chill | Image Photo Gallery Final Tiles Grid | - | - | 2026-04-08 08:30:14 | Deep Dive |
| CVE-2026-32537 | WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclusion vulnerability | nK | Visual Portfolio, Photo Gallery & Post Grid | 中危 | - | 2026-03-25 16:15:11 | Deep Dive |
| CVE-2026-25345 | WordPress SimpLy Gallery plugin <= 3.3.2 - Arbitrary Code Execution vulnerability | GalleryCreator | SimpLy Gallery | Critical | 9.9 | 2026-03-25 16:14:43 | Deep Dive |
| CVE-2026-25035 | WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeover vulnerability | Wasiliy Strecker / ContestGallery developer | Contest Gallery | Critical | 9.8 | 2026-03-25 16:14:39 | Deep Dive |
| CVE-2026-24964 | WordPress Contest Gallery plugin <= 28.1.2.1 - Server Side Request Forgery (SSRF) vulnerability | Wasiliy Strecker / ContestGallery developer | Contest Gallery | Medium | 6.4 | 2026-03-25 16:14:33 | Deep Dive |
| CVE-2026-22485 | WordPress My Album Gallery plugin <= 1.0.4 - Arbitrary File Deletion vulnerability | Ruhul Amin | My Album Gallery | Medium | 6.5 | 2026-03-25 16:14:23 | Deep Dive |
| CVE-2026-4766 | Easy Image Gallery <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Shortcode Post Meta | devrix | Easy Image Gallery | Medium | 6.4 | 2026-03-25 01:25:06 | Deep Dive |
| CVE-2026-4021 | Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 8.1 | 2026-03-23 23:25:50 | Deep Dive |
| CVE-2026-1463 | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 4.0.4 - Authenticated (Author+) Local File Inclusion | smub | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | High | 8.8 | 2026-03-18 16:26:27 | Deep Dive |
| CVE-2026-32418 | WordPress Meow Gallery plugin <= 5.4.4 - SQL Injection vulnerability | Jordy Meow | Meow Gallery | 中危 | - | 2026-03-13 11:42:16 | Deep Dive |
| CVE-2026-32356 | WordPress Robo Gallery plugin <= 5.1.2 - Cross Site Scripting (XSS) vulnerability | robosoft | Robo Gallery | 中危 | - | 2026-03-13 11:42:01 | Deep Dive |
| CVE-2026-32330 | WordPress Photo Gallery by 10Web plugin <= 1.8.37 - Cross Site Request Forgery (CSRF) vulnerability | 10Web | Photo Gallery by 10Web | 中危 | - | 2026-03-13 11:41:55 | Deep Dive |
| CVE-2026-3013 | Path Traversal in Coppermine Photo Gallery | Coppermine Photo Gallery | Coppermine Photo Gallery | - | - | 2026-03-11 14:58:17 | Deep Dive |
| CVE-2026-3759 | projectworlds Online Art Gallery Shop adminHome.php sql injection | projectworlds | Online Art Gallery Shop | High | 7.3 | 2026-03-08 18:02:11 | Deep Dive |
| CVE-2026-3758 | projectworlds Online Art Gallery Shop adminHome.php sql injection | projectworlds | Online Art Gallery Shop | High | 7.3 | 2026-03-08 18:02:09 | Deep Dive |