| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-53240 | WordPress WordPress Photo Gallery plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability | adamlabs | WordPress Photo Gallery | High | 7.1 | 2026-01-22 16:51:45 | Deep Dive |
| CVE-2025-12377 | Gallery Plugin for WordPress – Envira Photo Gallery <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions | smub | Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | Medium | 4.3 | 2025-11-13 11:29:03 | Deep Dive |
| CVE-2025-11448 | Gallery Plugin for WordPress – Envira Photo Gallery <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery Conversion | smub | Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | Medium | 4.3 | 2025-11-08 09:28:11 | Deep Dive |
| CVE-2025-27291 | WordPress Photo Gallery – Image Gallery Plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | uxgallery | WordPress Photo Gallery – Image Gallery | High | 7.1 | 2025-04-17 15:48:06 | Deep Dive |
| CVE-2024-13906 | Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.3 - Authenticated (Administrator+) PHP Object Injection | bestwebsoft | Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress | High | 7.2 | 2025-03-07 07:22:24 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2023-6742 | Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images | smub | Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | Medium | 4.3 | 2024-01-11 08:32:33 | Deep Dive |
| CVE-2021-4384 | WordPress Photo Gallery – Image Gallery <= 1.0.6 - Cross-Site Request Forgery Bypass | origincode | WordPress Photo Gallery – Image Gallery | Medium | 4.3 | 2023-07-01 03:30:12 | Deep Dive |
| CVE-2022-2190 | Envira Gallery Lite < 1.8.4.7 - Reflected Cross-Site Scripting | Unknown | Gallery Plugin for WordPress – Envira Photo Gallery | Medium | - | 2022-10-31 00:00:00 | Deep Dive |
| CVE-2021-36891 | WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change | Supsystic | Photo Gallery by Supsystic (WordPress plugin) | Medium | 5.4 | 2022-06-15 19:16:58 | Deep Dive |
| CVE-2021-24915 | Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure | Unknown | Contest Gallery – Photo Contest Plugin for WordPress | Critical | - | 2021-11-29 08:25:50 | Deep Dive |