Vulmon
Simple Image Gallery vulnerabilities and exploits
6.1
CVSSv3
CVE-2021-39313
The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.0.6.
Simple Image Gallery Simple Image Gallery
Duogeek Simple Image Gallery
9.8
CVSSv3
CVE-2021-38753
An unrestricted file upload in Simple Image Gallery Web App can be exploited to upload a web shell and execute it to gain unauthorized access to the server hosting the web app.
Simple Image Gallery Web App Project Simple Image Gallery Web App -
8.8
CVSSv3
CVE-2021-38819
A SQL injection vulnerability exists in the Simple Image Gallery System 1.0 application through the "id" parameter on the album page.
Simple Image Gallery Web App Project Simple Image Gallery Web App -
9.8
CVSSv3
CVE-2023-27040
Simple Image Gallery v1.0 contains a remote code execution (RCE) vulnerability via the username parameter.
Simple Image Gallery Web App Project Simple Image Gallery Web App 1.0
6.1
CVSSv3
CVE-2018-7717
The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik Simple Image Gallery Extended (SIGE) extension 3.2.3 for Joomla! has XSS via a crafted image header, as demonstrated by the Caption-Abstract header object in a JPEG file. This is fixed in 3.3.1.
Kubik-rubik Simple Image Gallery Extended
6.1
CVSSv3
CVE-2017-16356
Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) prior to 3.3.0 allows malicious users to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter.
Kubik-rubik Simple Image Gallery Extended
1 EDB exploit
6.3
CVSSv3
CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in...
Paretodigital Yasr – Yet Another Star Rating Plugin For Wordpress
Nicheaddons Events Addon For Elementor
Dots Fraud Prevention For Woocommerce And Edd
Wpengine Gutenberg Blocks – Acf Blocks Suite
Bouncingsprout Ultimeter
Toddhalfpenny Past Events Extension
Pootlepress Pootle Pagebuilder – Wordpress Page Builder
Powerfulwp Local Delivery Drivers For Woocommerce
Kkikuchi1220 Ultimate Gutenberg – Custom Block Templates
Josevega Wp Required Taxonomies – Categories And Tags Mandatory
Pmbaldha Featured Products First For Woocommerce – A Extension Of Woocommerce (woocommerce Addon Plugin)
Sslzen Ssl Certificate – Free Ssl, Https By Ssl Zen