| CVE-2025-27004 | WordPress Famous - Responsive Image And Video Grid Gallery WordPress Plugin plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability | LambertGroup | Famous - Responsive Image And Video Grid Gallery WordPress Plugin | High | 7.1 | 2026-01-08 09:17:42 | Deep Dive |
| CVE-2025-12377 | Gallery Plugin for WordPress – Envira Photo Gallery <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions | smub | Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | Medium | 4.3 | 2025-11-13 11:29:03 | Deep Dive |
| CVE-2025-11448 | Gallery Plugin for WordPress – Envira Photo Gallery <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery Conversion | smub | Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | Medium | 4.3 | 2025-11-08 09:28:11 | Deep Dive |
| CVE-2025-6692 | YouTube Embed <= 10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via instance Parameter | hanucodes | YouTube Embed – YouTube Gallery, Vimeo Gallery – WordPress Plugin | Medium | 6.4 | 2025-07-29 09:23:47 | Deep Dive |
| CVE-2025-23842 | WordPress WordPress Gallery Plugin plugin <= 1.4 - CSRF to Stored XSS vulnerability | Nilesh Shiragave | WordPress Gallery Plugin | High | 7.1 | 2025-01-16 20:07:22 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2024-11453 | WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets | Medium | 6.4 | 2024-12-03 07:34:54 | Deep Dive |
| CVE-2024-49280 | WordPress Lightbox slider – Responsive Lightbox Gallery plugin <= 1.10.6 - Cross Site Scripting (XSS) vulnerability | Weblizar - WordPress Themes & Plugin | Lightbox slider – Responsive Lightbox Gallery | Medium | 6.5 | 2024-10-17 19:16:53 | Deep Dive |
| CVE-2024-49258 | WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Download vulnerability | Limbcode | WordPress Gallery Plugin – Limb Image Gallery | Medium | 6.5 | 2024-10-16 13:45:18 | Deep Dive |
| CVE-2024-49260 | WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability | Limbcode | WordPress Gallery Plugin – Limb Image Gallery | Critical | 9.9 | 2024-10-16 13:38:04 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-9018 | WP Easy Gallery <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter | hahncgdev | WP Easy Gallery – WordPress Gallery Plugin | High | 8.8 | 2024-10-01 08:30:17 | Deep Dive |
| CVE-2024-8436 | WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Authenticated (Subscriber+) SQL Injection | hahncgdev | WP Easy Gallery – WordPress Gallery Plugin | Critical | 9.9 | 2024-09-24 07:30:46 | Deep Dive |
| CVE-2024-8437 | WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulation | hahncgdev | WP Easy Gallery – WordPress Gallery Plugin | Medium | 4.3 | 2024-09-24 07:30:46 | Deep Dive |
| CVE-2024-3899 | Envira Gallery < 1.8.15 - Author+ Stored XSS | Unknown | Gallery Plugin for WordPress | - | - | 2024-09-11 06:00:02 | Deep Dive |
| CVE-2024-35770 | WordPress Vimeography plugin <= 2.4.1 - Cross Site Request Forgery (CSRF) vulnerability | Dave Kiss | Vimeography: Vimeo Video Gallery WordPress Plugin | Medium | 4.3 | 2024-06-21 13:10:24 | Deep Dive |
| CVE-2024-3268 | YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress <= 3.3.6 - Missing Authorization to Arbitrary Post/Page Creation | emarket-design | Video Gallery – YouTube Gallery & Responsive Video Playlist | Medium | 5.3 | 2024-05-21 11:33:17 | Deep Dive |
| CVE-2024-3235 | Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure | ThemePunch | Essential Grid Gallery WordPress Plugin | Medium | 5.3 | 2024-04-10 04:30:21 | Deep Dive |
| CVE-2024-2081 | FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting | fooplugins | Gallery by FooGallery | Medium | 6.4 | 2024-04-09 18:59:29 | Deep Dive |
| CVE-2024-3097 | WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure | smub | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | Medium | 5.3 | 2024-04-09 18:58:59 | Deep Dive |