enviragallery vulnerabilities and exploits
312
VMScore
CVE-2021-24126
Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions prior to 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation.
Enviragallery Envira Gallery
312
VMScore
CVE-2020-9334
A stored XSS vulnerability exists in the Envira Photo Gallery plugin up to and including 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.
Enviragallery Envira Gallery
314
VMScore
CVE-2020-35581
A stored cross-site scripting (XSS) issue in Envira Gallery Lite prior to 1.8.3.3 allows remote malicious users to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter.
Enviragallery Envira Gallery
NA
CVE-2023-6742
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This m...
Enviragallery Envira Gallery
NA
CVE-2022-2190
The Gallery Plugin for WordPress plugin prior to 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
Enviragallery Envira Gallery
1 Github repository
312
VMScore
CVE-2020-35582
A stored cross-site scripting (XSS) issue in Envira Gallery Lite prior to 1.8.3.3 allows remote malicious users to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.
Enviragallery Envira Gallery