| CVE-2025-60104 | WordPress Gallery Custom Links Plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability | Jordy Meow | Gallery Custom Links | Medium | 5.9 | 2025-09-26 08:31:24 | Deep Dive |
| CVE-2025-58965 | WordPress Fusion Page Builder : Extension – Gallery Plugin <= 1.7.6 - Cross Site Scripting (XSS) Vulnerability | Agency Dominion Inc. | Fusion Page Builder : Extension – Gallery | Medium | 6.5 | 2025-09-22 18:26:11 | Deep Dive |
| CVE-2025-57947 | WordPress Photo Gallery by Ays Plugin <= 6.3.8 - Cross Site Scripting (XSS) Vulnerability | Ays Pro | Photo Gallery by Ays | Medium | 6.5 | 2025-09-22 18:24:54 | Deep Dive |
| CVE-2025-57966 | WordPress Gallery Lightbox plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability | GhozyLab | Gallery Lightbox | Medium | 6.5 | 2025-09-22 18:24:40 | Deep Dive |
| CVE-2025-58226 | WordPress 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery Plugin <= 1.16.16 - Sensitive Data Exposure Vulnerability | iberezansky | 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery | Medium | 5.3 | 2025-09-22 18:23:45 | Deep Dive |
| CVE-2025-6067 | Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | sjaved | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | Medium | 6.4 | 2025-09-06 01:47:27 | Deep Dive |
| CVE-2025-57889 | WordPress InPost Gallery Plugin <= 2.1.4.5 - Local File Inclusion Vulnerability | RealMag777 | InPost Gallery | High | 7.5 | 2025-09-05 16:15:39 | Deep Dive |
| CVE-2025-58881 | WordPress New Simple Gallery Plugin <= 8.0 - SQL Injection Vulnerability | gopiplus | New Simple Gallery | High | 8.5 | 2025-09-05 13:45:51 | Deep Dive |
| CVE-2025-58610 | WordPress Gallery PhotoBlocks Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability | WP Chill | Gallery PhotoBlocks | Medium | 6.5 | 2025-09-03 14:36:45 | Deep Dive |
| CVE-2025-9695 | GalleryVault Gallery Vault App com.thinkyeah.galleryvault AndroidManifest.xml improper export of android application components | GalleryVault | Gallery Vault App | Medium | 5.3 | 2025-08-30 15:32:07 | Deep Dive |
| CVE-2025-53224 | WordPress NextGEN Gallery Search Plugin <= 2.12 - Cross Site Scripting (XSS) Vulnerability | Koen Schuit | NextGEN Gallery Search | High | 7.1 | 2025-08-28 12:37:21 | Deep Dive |
| CVE-2025-48349 | WordPress Video Gallery – Vimeo and YouTube Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability | origincode | Video Gallery – Vimeo and YouTube Gallery | Medium | 6.5 | 2025-08-28 12:37:03 | Deep Dive |
| CVE-2025-7641 | Assistant for NextGEN Gallery <= 1.0.9 - Unauthenticated Arbitrary Directory Deletion | 48hmorris | Assistant for NextGEN Gallery | High | 7.5 | 2025-08-15 08:25:38 | Deep Dive |
| CVE-2025-52769 | WordPress flexo-social-gallery Plugin <= 1.0006 - Cross Site Request Forgery (CSRF) Vulnerability | flexostudio | flexo-social-gallery | Medium | 4.3 | 2025-08-14 18:22:05 | Deep Dive |
| CVE-2025-52721 | WordPress Global Gallery Plugin <= 9.2.3 - Broken Access Control Vulnerability | LCweb | Global Gallery | Medium | 6.5 | 2025-08-14 10:34:03 | Deep Dive |
| CVE-2025-8811 | code-projects Simple Art Gallery registration.php sql injection | code-projects | Simple Art Gallery | High | 7.3 | 2025-08-10 13:32:07 | Deep Dive |
| CVE-2025-8400 | Image Gallery <= 1.0.0 - Reflected Cross-Site Scripting | aumsrini | Image Gallery | Medium | 6.1 | 2025-08-02 08:24:48 | Deep Dive |
| CVE-2025-6228 | Sina Extension for Elementor <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Sina Posts`, `Sina Blog Post` and `Sina Table` Widgets | shaonsina | Sina Extension for Elementor | Medium | 6.4 | 2025-08-01 11:18:56 | Deep Dive |
| CVE-2025-7725 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 7.2 | 2025-08-01 04:24:29 | Deep Dive |
| CVE-2025-6692 | YouTube Embed <= 10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via instance Parameter | hanucodes | YouTube Embed – YouTube Gallery, Vimeo Gallery – WordPress Plugin | Medium | 6.4 | 2025-07-29 09:23:47 | Deep Dive |