Enviragallery Envira_gallery

8 CVEs affecting Enviragallery Envira_gallery. Latest disclosed: 2024-11-01. Critical: 0, High: 0.

Top CVEs affecting Enviragallery Envira_gallery
CVESeverityScorePublishedSummary
CVE-2022-2190Medium6.12022-10-31The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which c…
CVE-2021-24126Medium5.42021-03-18Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metada…
CVE-2020-35582Medium5.42021-01-15A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp…
CVE-2020-35581Medium5.42021-01-15A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp…
CVE-2020-9334Medium5.42020-02-25A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow a a…
CVE-2024-3899Medium4.82024-09-11The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-wri…
CVE-2024-43925Medium4.32024-11-01Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This is…
CVE-2023-6742Medium4.32024-01-11The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability c…