Lucene search
K

123 matches found

NVD
NVD
added 2026/06/16 10:16 a.m.7 views

CVE-2026-54190

Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...

6.5CVSS0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 9:0 a.m.16 views

CVE-2026-54190

CVE-2026-54190 : Unauthenticated Broken Access Control affects the WordPress plugin Envira Photo Gallery versions up to and including 1.12.5 . The available sources describe an unauthenticated access control flaw in this plugin, with the vulnerability present in the affected release range. The co...

6.5CVSS5.1AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 9:0 a.m.25 views

CVE-2026-54190 WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...

6.5CVSS0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 9:0 a.m.7 views

EUVD-2026-37052

Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...

6.5CVSS5.2AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.8 views

CVE-2026-5361

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

6.4CVSS5.7AI score0.0035EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 5:16 a.m.11 views

CVE-2026-5361

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

6.4CVSS0.0035EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/14 3:27 a.m.10 views

CVE-2026-5361 Envira Gallery <= 1.12.4 - Authenticated (Author+) Stored Cross-Site Scripting via 'arrows' Parameter

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

6.4CVSS6AI score0.0035EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:27 a.m.13 views

CVE-2026-5361

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

6.4CVSS6AI score0.0035EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/14 3:27 a.m.9 views

EUVD-2026-30215

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

6.4CVSS6AI score0.0035EPSS
Exploits0References6
CVE
CVE
added 2026/05/14 3:27 a.m.21 views

CVE-2026-5361

CVE-2026-5361 affects the WordPress plugin Envira Gallery Lite (

6.4CVSS6AI score0.0035EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/14 3:27 a.m.37 views

CVE-2026-5361 Envira Gallery <= 1.12.4 - Authenticated (Author+) Stored Cross-Site Scripting via 'arrows' Parameter

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

6.4CVSS0.0035EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

WordPress plugin Envira Gallery Lite 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.0035EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.12 views

PT-2026-40849

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the update gallery data function and improper output escaping in the gallery init function. The...

6.4CVSS6AI score0.0035EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/05/13 2:42 p.m.9 views

WordPress Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More plugin <= 1.12.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Envira Photo Gallery versions = 1.12.4...

6.4CVSS5.8AI score0.0035EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/05 1:40 p.m.3 views

CVE-2026-1236

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS6AI score0.00193EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/04 9:31 a.m.4 views

EUVD-2026-9376

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS6AI score0.00193EPSS
Exploits0References5
NVD
NVD
added 2026/03/04 9:15 a.m.6 views

CVE-2026-1236

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00193EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/04 8:23 a.m.3 views

CVE-2026-1236 Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/04 8:23 a.m.2 views

CVE-2026-1236

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS6AI score0.00193EPSS
Exploits0References5
CVE
CVE
added 2026/03/04 8:23 a.m.12 views

CVE-2026-1236

CVE-2026-1236 : Envira Gallery for WordPress (WordPress plugin)

6.4CVSS6AI score0.00193EPSS
Exploits0References4
Rows per page
Query Builder