WordPress Album and Image Gallery plus Lightbox plugin <= 2.1.8 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Album and Image Gallery plus Lightbox versions = 2.1.8...

CVE-2026-22485

Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Album Gallery: from n/a through = 1.0.4...

EUVD-2026-15491

Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Album Gallery: from n/a through = 1.0.4...

CVE-2026-22485

Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Album Gallery: from n/a through = 1.0.4...

CVE-2026-22485

CVE-2026-22485 : WordPress plugin My Album Gallery (versions 1.0.4) or follow vendor patch guidance.

CVE-2026-22485 WordPress My Album Gallery plugin <= 1.0.4 - Arbitrary File Deletion vulnerability

Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Album Gallery: from n/a through = 1.0.4...

CVE-2026-22485 WordPress My Album Gallery plugin <= 1.0.4 - Arbitrary File Deletion vulnerability

Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Album Gallery: from n/a through = 1.0.4...

WordPress plugin My Album Gallery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-27814

Name of the Vulnerable Software and Affected Versions My Album Gallery versions through 1.0.4 Description An authorization issue exists in Ruhul Amin My Album Gallery. The issue involves exploiting incorrectly configured access control security levels. Recommendations Update My Album Gallery to a...

WordPress My Album Gallery plugin <= 1.0.4 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Jitlada in WordPress Plugin My Album Gallery versions = 1.0.4...

CVE-2025-13612

The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aigpl-gallery-album shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

CVE-2025-13612 Album and Image Gallery Plus Lightbox <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode

The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aigpl-gallery-album shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

CVE-2025-13612

CVE-2025-13612 affects the WordPress plugin “Album and Image Gallery Plus Lightbox” (versions up to and including 2.1.7). The vulnerability is a Stored Cross-Site Scripting via the aigpl-gallery-album shortcode due to insufficient input sanitization and output escaping on user-supplied attributes...

CVE-2025-14453

The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'stylecss' shortcode attribute in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-14796

The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image titles in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on the 'attachment-title' attribute. This makes it possible for authenticated...

CVE-2025-14453

The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'stylecss' shortcode attribute in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-14453

CVE-2025-14453 affects the My Album Gallery WordPress plugin. A stored XSS exists via the style_css shortcode attribute in all versions up to 1.0.4 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (Contributor level or higher) and affects page...

CVE-2025-14796 My Album Gallery <= 1.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title

The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image titles in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on the 'attachment-title' attribute. This makes it possible for authenticated...

CVE-2025-14796

CVE-2025-14796 (My Album Gallery, WordPress) is a stored XSS via image title in My Album Gallery ≤ 1.0.4. Root cause: insufficient input sanitization and output escaping for the attachment-&gt;title attribute. Exploitation requires authenticated access at Author level or higher, enabling script i...

WordPress plugin My Album Gallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...