| CVE-2024-49325 | WordPress Photo Gallery Builder plugin <= 3.0 - Broken Access Control to Notice Dismissal vulnerability | wpdiscover | Photo Gallery Builder | Medium | 4.3 | 2024-10-20 10:40:36 | Deep Dive |
| CVE-2019-25218 | Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.3 - Authenticated (Admin+) SQL Injection | nik00726 | Photo Gallery Slideshow & Masonry Tiled Gallery | Medium | 4.9 | 2024-10-19 03:31:08 | Deep Dive |
| CVE-2024-49280 | WordPress Lightbox slider – Responsive Lightbox Gallery plugin <= 1.10.6 - Cross Site Scripting (XSS) vulnerability | Weblizar - WordPress Themes & Plugin | Lightbox slider – Responsive Lightbox Gallery | Medium | 6.5 | 2024-10-17 19:16:53 | Deep Dive |
| CVE-2024-49302 | WordPress WordPress Portfolio Builder – Portfolio Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability | portfoliohub | WordPress Portfolio Builder – Portfolio Gallery | Medium | 6.5 | 2024-10-17 18:50:42 | Deep Dive |
| CVE-2024-49258 | WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Download vulnerability | Limbcode | WordPress Gallery Plugin – Limb Image Gallery | Medium | 6.5 | 2024-10-16 13:45:18 | Deep Dive |
| CVE-2024-49260 | WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability | Limbcode | WordPress Gallery Plugin – Limb Image Gallery | Critical | 9.9 | 2024-10-16 13:38:04 | Deep Dive |
| CVE-2024-9540 | Sina Extension for Elementor <= 3.5.7 - Authenticated (Contributor+) Sensitive Information Exposure via Sina Modal Box Widget Elementor Template | shaonsina | Sina Extension for Elementor | Medium | 4.3 | 2024-10-16 07:31:52 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-9776 | ImagePress - Image Gallery <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings | butterflymedia | ImagePress – Image Gallery | Medium | 4.4 | 2024-10-12 05:39:41 | Deep Dive |
| CVE-2024-9778 | ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update | butterflymedia | ImagePress – Image Gallery | Medium | 4.3 | 2024-10-12 05:39:39 | Deep Dive |
| CVE-2024-9824 | ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update | butterflymedia | ImagePress – Image Gallery | Medium | 4.3 | 2024-10-12 05:39:39 | Deep Dive |
| CVE-2024-5968 | Photo Gallery by 10Web <= 1.8.27 - Admin+ Stored XSS | Unknown | Photo Gallery by 10Web | - | - | 2024-10-09 06:00:05 | Deep Dive |
| CVE-2024-8431 | Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Private Gallery Title Disclosure | robosoft | Robo Gallery – Photo & Image Slider | Medium | 4.3 | 2024-10-08 11:34:19 | Deep Dive |
| CVE-2024-44043 | WordPress Photo Gallery by 10Web plugin <= 1.8.27 - Cross Site Scripting (XSS) vulnerability | 10Web | Photo Gallery by 10Web | Medium | 5.9 | 2024-10-06 11:58:45 | Deep Dive |
| CVE-2024-47376 | WordPress Slideshow Gallery LITE plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability | Tribulant Software | Slideshow Gallery | Medium | 5.9 | 2024-10-05 15:13:33 | Deep Dive |
| CVE-2024-47623 | WordPress Gallery Lightbox plugin <= 1.0.0.39 - Cross Site Scripting (XSS) vulnerability | GhozyLab | Gallery Lightbox | Medium | 5.9 | 2024-10-05 14:35:24 | Deep Dive |
| CVE-2024-9018 | WP Easy Gallery <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter | hahncgdev | WP Easy Gallery – WordPress Gallery Plugin | High | 8.8 | 2024-10-01 08:30:17 | Deep Dive |
| CVE-2024-9025 | Sight – Professional Image Gallery and Portfolio <= 1.1.2 - Missing Authorization to Sensitive Information Exposure in handler_post_title | codesupplyco | Sight – Professional Image Gallery and Portfolio | Medium | 5.3 | 2024-09-26 08:29:46 | Deep Dive |
| CVE-2024-8436 | WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Authenticated (Subscriber+) SQL Injection | hahncgdev | WP Easy Gallery – WordPress Gallery Plugin | Critical | 9.9 | 2024-09-24 07:30:46 | Deep Dive |
| CVE-2024-8437 | WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulation | hahncgdev | WP Easy Gallery – WordPress Gallery Plugin | Medium | 4.3 | 2024-09-24 07:30:46 | Deep Dive |