Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gallery vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-5435
The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query....
Gopiplus Up Down Image Slideshow Gallery
6.5
CVSSv3
CVE-2023-5434
The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This m...
Gopiplus Superb Slideshow Gallery
9.8
CVSSv3
CVE-2023-44267
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
Projectworlds Online Art Gallery 1.0
4.8
CVSSv3
CVE-2023-4271
The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘psres_button_size’ parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
Deanoakley Photospace Responsive Gallery
6.1
CVSSv3
CVE-2023-45630
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions.
Wpdevart Gallery
4.9
CVSSv3
CVE-2023-3279
The WordPress Gallery Plugin WordPress plugin prior to 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks
Imagely Nextgen Gallery
7.5
CVSSv3
CVE-2023-3154
The WordPress Gallery Plugin WordPress plugin prior to 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an malicious user to access arbitrary resources on the server.
Imagely Nextgen Gallery
7.2
CVSSv3
CVE-2023-3155
The WordPress Gallery Plugin WordPress plugin prior to 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an malicious user to access arbitrary resources on the server.
Imagely Nextgen Gallery
8.8
CVSSv3
CVE-2023-45752
Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin <= 2.3.12 versions.
10quality Post Gallery
8.8
CVSSv3
CVE-2023-45629
Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions.
Wpdevart Gallery - Image And Video Gallery With Thumbnails
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »