| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6443 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | essentialplugin | Accordion and Accordion Slider | Critical | 9.8 | 2026-04-17 06:44:49 | Deep Dive |
| CVE-2026-1706 | All-in-One Video Gallery <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter | plugins360 | All-in-One Video Gallery | Medium | 6.1 | 2026-03-04 09:24:30 | Deep Dive |
| CVE-2026-1236 | Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API | smub | Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | Medium | 6.4 | 2026-03-04 08:23:56 | Deep Dive |
| CVE-2026-1254 | Modula Image Gallery – Photo Grid & Video Gallery <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing | wpchill | Modula Image Gallery – Photo Grid & Video Gallery | Medium | 4.3 | 2026-02-14 08:26:47 | Deep Dive |
| CVE-2025-15516 | All-in-One Video Gallery 4.1.0 - 4.6.4 - Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update | plugins360 | All-in-One Video Gallery | Medium | 4.3 | 2026-01-24 08:26:33 | Deep Dive |
| CVE-2025-14906 | WP Youtube Video Gallery <= 1.0 - Cross-Site Request Forgery to Plugin Settings Update | waqasvickey0071 | WP Youtube Video Gallery | Medium | 4.3 | 2026-01-24 07:26:42 | Deep Dive |
| CVE-2025-14947 | All-in-One Video Gallery <= 4.6.4 - Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion | plugins360 | All-in-One Video Gallery | Medium | 6.5 | 2026-01-23 17:26:07 | Deep Dive |
| CVE-2025-49049 | WordPress DZS Video Gallery plugin <= 12.39 - SQL Injection vulnerability | ZoomIt | DZS Video Gallery | High | 8.5 | 2026-01-22 16:51:42 | Deep Dive |
| CVE-2025-12957 | All-in-One Video Gallery <= 4.5.7 - Authenticated (Author+) Arbitrary File Upload via VTT Upload Bypass | plugins360 | All-in-One Video Gallery | High | 8.8 | 2026-01-16 04:44:35 | Deep Dive |
| CVE-2025-27004 | WordPress Famous - Responsive Image And Video Grid Gallery WordPress Plugin plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | LambertGroup | Famous - Responsive Image And Video Grid Gallery WordPress Plugin | High | 7.1 | 2026-01-08 09:17:42 | Deep Dive |
| CVE-2025-47552 | WordPress DZS Video Gallery plugin <= 12.39 - PHP Object Injection vulnerability | Digital zoom studio | DZS Video Gallery | Critical | 9.8 | 2026-01-07 12:38:11 | Deep Dive |
| CVE-2025-32300 | WordPress DZS Video Gallery plugin <= 12.39 - Cross Site Scripting (XSS) vulnerability | Digital zoom studio | DZS Video Gallery | High | 7.1 | 2026-01-07 12:06:37 | Deep Dive |
| CVE-2025-47553 | WordPress DZS Video Gallery plugin <= 12.39 - PHP Object Injection vulnerability | Digital zoom studio | DZS Video Gallery | High | 8.8 | 2026-01-06 16:47:41 | Deep Dive |
| CVE-2025-14003 | Image Gallery – Photo Grid & Video Gallery <= 2.13.3 - Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification | wpchill | Modula Image Gallery – Photo Grid & Video Gallery | Medium | 4.3 | 2025-12-15 14:25:10 | Deep Dive |
| CVE-2025-14288 | Gallery Blocks with Lightbox <= 3.3.0 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification | gallerycreator | Mixed Media Gallery Blocks | Medium | 4.3 | 2025-12-13 04:31:26 | Deep Dive |
| CVE-2025-13891 | Image Gallery – Photo Grid & Video Gallery (Modula) <= 2.13.3 - Missing Authorization to Arbitrary Directory Listing | wpchill | Modula Image Gallery – Photo Grid & Video Gallery | Medium | 6.5 | 2025-12-12 07:20:35 | Deep Dive |
| CVE-2025-12966 | All-in-One Video Gallery 4.5.4 - 4.5.7 – Authenticated (Author+) Arbitrary File Upload via Import ZIP | plugins360 | All-in-One Video Gallery | High | 8.8 | 2025-12-06 09:25:58 | Deep Dive |
| CVE-2025-13646 | Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Upload via Race Condition | wpchill | Image Gallery – Photo Grid & Video Gallery | High | 7.5 | 2025-12-03 02:25:30 | Deep Dive |
| CVE-2025-13645 | Modula 2.13.1 - 2.13.2 - Authenticated (Author+) Arbitrary File Deletion | wpchill | Image Gallery – Photo Grid & Video Gallery | High | 7.2 | 2025-12-03 02:25:29 | Deep Dive |
| CVE-2025-12494 | Image Gallery – Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move | wpchill | Modula Image Gallery – Photo Grid & Video Gallery | Medium | 4.3 | 2025-11-15 05:45:34 | Deep Dive |