| CVE-2026-6443 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | essentialplugin | Accordion and Accordion Slider | Critical | 9.8 | 2026-04-17 06:44:49 | Deep Dive |
| CVE-2026-1314 | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure | iberezansky | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | Medium | 5.3 | 2026-04-14 23:26:08 | Deep Dive |
| CVE-2026-4300 | Robo Gallery <= 5.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting | robosoft | Robo Gallery – Photo & Image Slider | Medium | 6.4 | 2026-04-08 09:25:50 | Deep Dive |
| CVE-2026-39510 | WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Insecure Direct Object References (IDOR) vulnerability | WP Chill | Image Photo Gallery Final Tiles Grid | - | - | 2026-04-08 08:30:14 | Deep Dive |
| CVE-2026-4766 | Easy Image Gallery <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Shortcode Post Meta | devrix | Easy Image Gallery | Medium | 6.4 | 2026-03-25 01:25:06 | Deep Dive |
| CVE-2026-3695 | SourceCodester Modern Image Gallery App delete.php path traversal | SourceCodester | Modern Image Gallery App | Medium | 6.5 | 2026-03-08 00:32:11 | Deep Dive |
| CVE-2026-1236 | Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API | smub | Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | Medium | 6.4 | 2026-03-04 08:23:56 | Deep Dive |
| CVE-2026-3070 | SourceCodester Modern Image Gallery App upload.php cross site scripting | SourceCodester | Modern Image Gallery App | Medium | 4.3 | 2026-02-24 04:32:08 | Deep Dive |
| CVE-2026-22345 | WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability | A WP Life | Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery | - | - | 2026-02-20 15:47:00 | Deep Dive |
| CVE-2026-22346 | WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.5.4 - PHP Object Injection vulnerability | A WP Life | Slider Responsive Slideshow – Image slider, Gallery slideshow | - | - | 2026-02-20 15:47:00 | Deep Dive |
| CVE-2026-25375 | WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.10 - Broken Access Control vulnerability | WP Chill | Image Photo Gallery Final Tiles Grid | - | - | 2026-02-19 08:27:01 | Deep Dive |
| CVE-2025-13612 | Album and Image Gallery Plus Lightbox <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode | essentialplugin | Album and Image Gallery Plus Lightbox | Medium | 6.4 | 2026-02-19 04:36:10 | Deep Dive |
| CVE-2026-1254 | Modula Image Gallery – Photo Grid & Video Gallery <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing | wpchill | Modula Image Gallery – Photo Grid & Video Gallery | Medium | 4.3 | 2026-02-14 08:26:47 | Deep Dive |
| CVE-2026-24939 | WordPress Modula Image Gallery plugin <= 2.13.6 - Broken Access Control vulnerability | WP Chill | Modula Image Gallery | - | - | 2026-02-03 14:08:33 | Deep Dive |
| CVE-2026-23976 | WordPress Modula Image Gallery plugin <= 2.13.4 - Cross Site Scripting (XSS) vulnerability | WP Chill | Modula Image Gallery | Medium | 5.9 | 2026-01-22 16:52:43 | Deep Dive |
| CVE-2026-1036 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion | 10web | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | Medium | 5.3 | 2026-01-21 23:23:28 | Deep Dive |
| CVE-2025-15466 | Image Photo Gallery Final Tiles Grid <= 3.6.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management | wpchill | Image Photo Gallery Final Tiles Grid | Medium | 5.4 | 2026-01-19 23:21:53 | Deep Dive |
| CVE-2025-27004 | WordPress Famous - Responsive Image And Video Grid Gallery WordPress Plugin plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | LambertGroup | Famous - Responsive Image And Video Grid Gallery WordPress Plugin | High | 7.1 | 2026-01-08 09:17:42 | Deep Dive |
| CVE-2025-13693 | Image Photo Gallery Final Tiles Grid <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting | wpchill | Image Photo Gallery Final Tiles Grid | Medium | 6.4 | 2025-12-21 03:20:05 | Deep Dive |
| CVE-2025-14455 | Image Photo Gallery Final Tiles Grid <= 3.6.7 - Missing Authorization to Authenticated (Contributor+) Gallery Management | wpchill | Image Photo Gallery Final Tiles Grid | Medium | 5.4 | 2025-12-19 09:29:49 | Deep Dive |