| CVE-2026-4300 | Robo Gallery <= 5.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting | robosoft | Robo Gallery – Photo & Image Slider | Medium | 6.4 | 2026-04-08 09:25:50 | Deep Dive |
| CVE-2026-39510 | WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Insecure Direct Object References (IDOR) vulnerability | WP Chill | Image Photo Gallery Final Tiles Grid | - | - | 2026-04-08 08:30:14 | Deep Dive |
| CVE-2026-32537 | WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclusion vulnerability | nK | Visual Portfolio, Photo Gallery & Post Grid | 中危 | - | 2026-03-25 16:15:11 | Deep Dive |
| CVE-2026-1463 | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 4.0.4 - Authenticated (Author+) Local File Inclusion | smub | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | High | 8.8 | 2026-03-18 16:26:27 | Deep Dive |
| CVE-2026-32330 | WordPress Photo Gallery by 10Web plugin <= 1.8.37 - Cross Site Request Forgery (CSRF) vulnerability | 10Web | Photo Gallery by 10Web | 中危 | - | 2026-03-13 11:41:55 | Deep Dive |
| CVE-2026-3013 | Path Traversal in Coppermine Photo Gallery | Coppermine Photo Gallery | Coppermine Photo Gallery | - | - | 2026-03-11 14:58:17 | Deep Dive |
| CVE-2026-1236 | Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API | smub | Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | Medium | 6.4 | 2026-03-04 08:23:56 | Deep Dive |
| CVE-2026-22345 | WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability | A WP Life | Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery | - | - | 2026-02-20 15:47:00 | Deep Dive |
| CVE-2026-27360 | WordPress Photo Gallery by 10Web plugin <= 1.8.38 - Cross Site Scripting (XSS) vulnerability | 10Web | Photo Gallery by 10Web | - | - | 2026-02-19 20:35:42 | Deep Dive |
| CVE-2026-25375 | WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.10 - Broken Access Control vulnerability | WP Chill | Image Photo Gallery Final Tiles Grid | - | - | 2026-02-19 08:27:01 | Deep Dive |
| CVE-2025-12081 | ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification | navzme | ACF Photo Gallery Field | Medium | 4.3 | 2026-02-19 03:25:20 | Deep Dive |
| CVE-2026-1254 | Modula Image Gallery – Photo Grid & Video Gallery <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page Editing | wpchill | Modula Image Gallery – Photo Grid & Video Gallery | Medium | 4.3 | 2026-02-14 08:26:47 | Deep Dive |
| CVE-2025-53240 | WordPress WordPress Photo Gallery plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability | adamlabs | WordPress Photo Gallery | High | 7.1 | 2026-01-22 16:51:45 | Deep Dive |
| CVE-2026-1036 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion | 10web | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | Medium | 5.3 | 2026-01-21 23:23:28 | Deep Dive |
| CVE-2025-15466 | Image Photo Gallery Final Tiles Grid <= 3.6.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management | wpchill | Image Photo Gallery Final Tiles Grid | Medium | 5.4 | 2026-01-19 23:21:53 | Deep Dive |
| CVE-2025-69084 | WordPress Photo Gallery plugin <= 2.7.7.26 - Reflected Cross Site Scripting (XSS) vulnerability | gt3themes | Photo Gallery | High | 7.1 | 2026-01-06 16:28:38 | Deep Dive |
| CVE-2025-63014 | WordPress Gmedia Photo Gallery plugin <= 1.25.0 - Cross Site Request Forgery (CSRF) vulnerability | Serhii Pasyuk | Gmedia Photo Gallery | Medium | 4.3 | 2025-12-31 15:52:01 | Deep Dive |
| CVE-2025-13693 | Image Photo Gallery Final Tiles Grid <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting | wpchill | Image Photo Gallery Final Tiles Grid | Medium | 6.4 | 2025-12-21 03:20:05 | Deep Dive |
| CVE-2025-14455 | Image Photo Gallery Final Tiles Grid <= 3.6.7 - Missing Authorization to Authenticated (Contributor+) Gallery Management | wpchill | Image Photo Gallery Final Tiles Grid | Medium | 5.4 | 2025-12-19 09:29:49 | Deep Dive |
| CVE-2025-13641 | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 3.59.12 - Authenticated (Contributor+) Local File Inclusion via 'template' | smub | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | High | 8.8 | 2025-12-18 09:21:29 | Deep Dive |