Enviragallery Envira_gallery
8 CVEs affecting Enviragallery Envira_gallery. Latest disclosed: 2024-11-01. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-2190 | Medium | 6.1 | 2022-10-31 | The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which c… |
CVE-2021-24126 | Medium | 5.4 | 2021-03-18 | Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metada… |
CVE-2020-35582 | Medium | 5.4 | 2021-01-15 | A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp… |
CVE-2020-35581 | Medium | 5.4 | 2021-01-15 | A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp… |
CVE-2020-9334 | Medium | 5.4 | 2020-02-25 | A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow a a… |
CVE-2024-3899 | Medium | 4.8 | 2024-09-11 | The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-wri… |
CVE-2024-43925 | Medium | 4.3 | 2024-11-01 | Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This is… |
CVE-2023-6742 | Medium | 4.3 | 2024-01-11 | The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability c… |