| CVE-2023-33995 | WordPress Photo Gallery by 10Web plugin <= 1.8.15 - Broken Access Control vulnerability | 10Web | Photo Gallery by 10Web | Medium | 4.3 | 2024-12-13 14:23:32 | Deep Dive |
| CVE-2023-32585 | WordPress Portfolio Gallery – Responsive Image Gallery plugin <= 1.4.6 - Broken Access Control vulnerability | totalsoft | Portfolio Gallery | High | 7.5 | 2024-12-13 14:23:25 | Deep Dive |
| CVE-2023-25988 | WordPress Video Gallery – YouTube Gallery plugin <= 1.7.6 - Broken Access Control vulnerability | totalsoft | Video Gallery – YouTube Gallery | High | 7.5 | 2024-12-13 14:23:19 | Deep Dive |
| CVE-2022-45841 | WordPress Robo Gallery plugin <= 3.2.9 - Auth. Broken Access Control vulnerability | robosoft | Robo Gallery | Medium | 5.4 | 2024-12-13 14:22:05 | Deep Dive |
| CVE-2024-12162 | Video & Photo Gallery for Ultimate Member <= 1.1.1 - Reflected Cross-Site Scripting | suiteplugins | Video & Photo Gallery for Ultimate Member | Medium | 6.1 | 2024-12-12 04:23:14 | Deep Dive |
| CVE-2023-25060 | WordPress Album and Image Gallery plus Lightbox plugin <= 1.6.2 - Broken Access Control vulnerability | WP OnlineSupport, Essential Plugin | Album and Image Gallery plus Lightbox | Medium | 5.3 | 2024-12-09 11:31:36 | Deep Dive |
| CVE-2024-11501 | Gallery <= 1.3 - Authenticated (Contributor+) PHP Object Injection | webdzier | Gallery | High | 8.8 | 2024-12-07 11:09:53 | Deep Dive |
| CVE-2024-11823 | Folder Gallery <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | vjalby | Folder Gallery | Medium | 6.1 | 2024-12-06 08:24:57 | Deep Dive |
| CVE-2024-9769 | Video Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting | totalsoft | Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery | Medium | 4.4 | 2024-12-06 03:25:39 | Deep Dive |
| CVE-2024-10247 | YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection | totalsoft | Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery | High | 7.2 | 2024-12-06 03:25:39 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2024-11453 | WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets | Medium | 6.4 | 2024-12-03 07:34:54 | Deep Dive |
| CVE-2024-52467 | WordPress AI Responsive Gallery Album plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | August Infotech | AI Responsive Gallery Album | High | 7.1 | 2024-12-02 13:49:02 | Deep Dive |
| CVE-2024-53744 | WordPress Elementor Image Gallery plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability | SkyBootstrap | Elementor Image Gallery Plugin | Medium | 6.5 | 2024-12-01 21:29:00 | Deep Dive |
| CVE-2024-53788 | WordPress WordPress Portfolio Builder – Portfolio Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability | portfoliohub | WordPress Portfolio Builder – Portfolio Gallery | Medium | 5.9 | 2024-11-30 21:05:24 | Deep Dive |
| CVE-2024-10704 | Photo Gallery by 10Web < 1.8.31 - Admin+ Stored XSS | Unknown | Photo Gallery by 10Web | 中危 | - | 2024-11-29 06:00:07 | Deep Dive |
| CVE-2024-11103 | Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Critical | 9.8 | 2024-11-28 09:47:09 | Deep Dive |
| CVE-2024-11119 | BNE Gallery Extended <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via gallery Shortcode | bluenotes | BNE Gallery Extended | Medium | 6.4 | 2024-11-26 08:31:54 | Deep Dive |
| CVE-2024-11002 | InPost Gallery <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template | realmag777 | InPost Gallery | Medium | 6.3 | 2024-11-26 06:43:45 | Deep Dive |
| CVE-2024-6393 | NextGEN Gallery < 3.59.5 - Admin+ Stored XSS | Unknown | Photo Gallery, Sliders, Proofing and Themes | - | - | 2024-11-25 06:00:06 | Deep Dive |