| CVE-2025-23487 | WordPress Easy Gallery plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | odihost | Easy Gallery | High | 7.1 | 2025-03-03 13:30:07 | Deep Dive |
| CVE-2025-23441 | WordPress Attach Gallery Posts plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability | dkukral | Attach Gallery Posts | High | 7.1 | 2025-03-03 13:30:03 | Deep Dive |
| CVE-2024-13833 | Album Gallery – WordPress Gallery <= 1.6.3 - Authenticated (Editor+) PHP Object Injection via Gallery Meta | awordpresslife | Album Gallery | High | 7.2 | 2025-03-01 11:22:49 | Deep Dive |
| CVE-2025-1513 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 7.2 | 2025-02-28 05:23:15 | Deep Dive |
| CVE-2025-1757 | WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | portfoliohub | WordPress Portfolio Builder – Portfolio Gallery | Medium | 6.4 | 2025-02-28 04:21:56 | Deep Dive |
| CVE-2025-22624 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 - Reflected cross-site scripting (XSS) | bradvin | FooGallery - Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel | 中危 | - | 2025-02-27 18:26:27 | Deep Dive |
| CVE-2024-6261 | Image Photo Gallery Final Tiles Grid <= 3.6.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | wpchill | Image Photo Gallery Final Tiles Grid | Medium | 6.4 | 2025-02-27 05:23:05 | Deep Dive |
| CVE-2025-1517 | Sina Extension for Elementor <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text, Countdown Widget, and Login Form Shortcodes | shaonsina | Sina Extension for Elementor | Medium | 6.4 | 2025-02-26 08:21:57 | Deep Dive |
| CVE-2025-26931 | WordPress Tribulant Gallery Voting plugin <= 1.2.1 - CSRF to Stored XSS vulnerability | Tribulant Software | Tribulant Gallery Voting | High | 7.1 | 2025-02-25 14:17:55 | Deep Dive |
| CVE-2024-10545 | NextGEN Gallery < 3.59.9 - Admin+ Stored XSS | Unknown | Photo Gallery, Sliders, Proofing and Themes | 低危 | - | 2025-02-25 06:00:05 | Deep Dive |
| CVE-2025-27277 | WordPress Add Linked Images To Gallery plugin <= 1.4 - CSRF to Stored XSS vulnerability | tiefpunkt | Add Linked Images To Gallery | High | 7.1 | 2025-02-24 14:48:48 | Deep Dive |
| CVE-2025-27276 | WordPress Photo Gallery ( Responsive ) plugin <= 4.0 - CSRF to Privilege Escalation vulnerability | lizeipe | Photo Gallery ( Responsive ) | High | 8.8 | 2025-02-24 14:48:47 | Deep Dive |
| CVE-2024-13314 | Carousel, Slider, Gallery by WP Carousel < 2.7.4 - Admin+ Stored XSS | Unknown | Carousel, Slider, Gallery by WP Carousel | 低危 | - | 2025-02-21 06:00:05 | Deep Dive |
| CVE-2024-13751 | 3D Photo Gallery <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | labibahmed42 | 3D Photo Gallery | Medium | 6.4 | 2025-02-21 03:21:23 | Deep Dive |
| CVE-2024-13231 | WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Missing Authorization to Unauthenticated Portfolio Update | portfoliohub | WordPress Portfolio Builder – Portfolio Gallery | Medium | 5.3 | 2025-02-19 08:21:46 | Deep Dive |
| CVE-2024-13676 | Categorized Gallery Plugin <= 2.0 - Authenticated (Contributor+) SQL Injection | wamasoftware | Categorized Gallery Plugin | Medium | 6.5 | 2025-02-19 07:32:13 | Deep Dive |
| CVE-2025-26778 | WordPress Gallery Custom Links Plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability | Jordy Meow | Gallery | Medium | 5.9 | 2025-02-17 11:38:15 | Deep Dive |
| CVE-2025-23748 | WordPress Singsys -Awesome Gallery plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | Singsys | Singsys -Awesome Gallery | High | 7.1 | 2025-02-14 12:44:32 | Deep Dive |
| CVE-2024-13814 | Global Gallery - WordPress Responsive Gallery <= 9.1.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | LCweb | Global Gallery - WordPress Responsive Gallery | Medium | 5.4 | 2025-02-12 08:25:43 | Deep Dive |
| CVE-2025-25080 | WordPress Kona Gallery Block plugin <= 1.7 - Stored Cross Site Scripting (XSS) vulnerability | gubbigubbi | Kona Gallery Block | Medium | 6.5 | 2025-02-07 10:11:32 | Deep Dive |