Lucene search
K

64 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-5743

The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the...

6.4CVSS0.00259EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-5743 Mixed Media Gallery Blocks <= 3.3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via sliderMaxHeight Block Attribute

The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the...

6.4CVSS0.00259EPSS
Exploits0References10
CVE
CVE
added 4 days ago10 views

CVE-2026-5743

The CVE concerns the SimpLy Gallery Block & Lightbox WordPress plugin. A stored XSS vulnerability exists through the sliderMaxHeight block attribute in all versions up to and including 3.3.3.2, caused by insufficient input sanitization and output escaping in pgc_sgb_render_callback(). The root ca...

6.4CVSS6.2AI score0.00259EPSS
Exploits0References10
EUVD
EUVD
added 2026/04/16 6:31 a.m.8 views

EUVD-2026-23172

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/16 3:36 a.m.39 views

CVE-2026-5070 Vantage <= 1.20.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Block Text Content

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/16 3:36 a.m.4 views

CVE-2026-5070 Vantage <= 1.20.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Block Text Content

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 3:36 a.m.8 views

CVE-2026-5070

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.7 views

PT-2026-33254

The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/04/15 11:11 p.m.7 views

WordPress Vantage plugin <= 1.20.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Block Text Content vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Gallery Block Text Content vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Theme Vantage versions = 1.20.32...

6.4CVSS5.8AI score0.00194EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.27 views

CVE-2026-25345 WordPress SimpLy Gallery plugin <= 3.3.2 - Arbitrary Code Execution vulnerability

Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SimpLy Gallery: from n/a through = 3.3.2...

9.9CVSS0.00447EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/02 8:8 p.m.9 views

WordPress Spectra - WordPress Gutenberg Blocks plugin <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Gallery Block vulnerability

WordPress Spectra - WordPress Gutenberg Blocks plugin = 2.12.8 - Authenticated Contributor+ Stored Cross-Site Scripting via Image Gallery Block vulnerability discovered by wesley wcraft in WordPress Plugin Spectra versions = 2.12.8...

6.4CVSS5.2AI score0.00265EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Kona Gallery Block plugin <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Nishiv - Developer in WordPress Plugin Kona Gallery Block versions = 1.7...

6.4CVSS5.3AI score0.00212EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-201976

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through = 3.2.8...

6.5CVSS5.5AI score0.00167EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 4:18 p.m.7 views

CVE-2025-63052

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through = 3.3.2.1...

6.5CVSS0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:52 p.m.24 views

CVE-2025-63052 WordPress SimpLy Gallery plugin <= 3.3.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through = 3.3.2.1...

6.5CVSS0.00167EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:52 p.m.13 views

CVE-2025-63052

The CVE-2025-63052 entry applies to the WordPress plugin SimpLy Gallery (simply-gallery-block) version

6.5CVSS5.9AI score0.00167EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.13 views

PT-2025-50053

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through = 3.2.8...

6AI score0.00167EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/07 3:54 p.m.4 views

CVE-2025-49394

Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo gallery/photo album.: from n/a...

7.1CVSS7AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2025/11/06 4:15 p.m.5 views

CVE-2025-49394

Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo gallery/photo album.: from n/a...

7.1CVSS0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/06 3:53 p.m.3 views

CVE-2025-49394 WordPress Image Gallery block – Create and display photo gallery/photo album. plugin <= 1.0.7 - Broken Authentication vulnerability

Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo gallery/photo album.: from n/a...

7.1CVSS6.6AI score0.00264EPSS
Exploits0References1
Rows per page
Query Builder