WordPress zm-gallery plugin 1.0 SQL Injection

zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection via the order parameter. id: CVE-2016-10940 info: name: WordPress zm-gallery plugin 1.0 SQL Injection author: cckuailong,daffainfo severity: high description: zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection vi...

EUVD-2026-37586

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

CVE-2026-12165

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

CVE-2026-12165 Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

CVE-2026-42660 WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...

CVE-2026-42660

CVE-2026-42660 affects the WordPress Contest Gallery plugin up to version 28.1.7 . The issue is described as a Sensitive Data Exposure impacting subscribers. Documents provide the vulnerability label and affected version but do not include root cause specifics, exploit details, or concrete remedi...

CVE-2026-42657 WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...

CVE-2026-42657 WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...

CVE-2026-42656 WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Contest Gallery = 28.1.6 versions...

CVE-2026-40771 WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

CVE-2026-1291 Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...

CVE-2026-9134 Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributekey' shortcode parameter in versions up to, and including, 3.1.31 This is due to an incomplete JavaScript event handler blacklist in the foogallerysanitizejavascript function, which blocks onl...

PT-2026-47144

Name of the Vulnerable Software and Affected Versions The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions prior to 1.8.42 Description Insufficient escaping of user-supplied parameters and lack of proper preparation of SQL queries allow authenticated attackers...

PT-2026-46858

Summary AVideo stores category descriptions from user input and later renders category description as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes when another user views the affected Gallery/category page...

CVE-2026-7048

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

EUVD-2026-32744

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

CVE-2026-8867

The Post Category Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'postcategorygallery' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as...

WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan in WordPress Plugin Image Photo Gallery Final Tiles Grid versions = 3.6.11...

CVE-2026-8912

CVE-2026-8912 affects the Contest Gallery plugin for WordPress up to version 28.1.6. It is an unauthenticated SQL Injection via the form_input parameter in the post_cg_gallery_form_upload AJAX action (cb branch of users-upload-check.php), where $f_input_id is concatenated unquoted into a SQL quer...

CVE-2026-8912 Contest Gallery <= 28.1.6 - Unauthenticated SQL Injection

The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'forminput' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query inside the unauthenticat...