760 matches found
CVE-2026-33479
CVE-2026-33479 affects WWBN AVideo (Gallery plugin, saveSort.json.php) where unsanitized values from $_REQUEST['sections'] are fed into eval(), enabling PHP code execution via CSRF against an admin session. The issue exists up to version 26.0; a patch in commit 087dab8841f8bdb54be184105ef19b47c56...
CVE-2026-33479 AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSR...
WWBN AVideo 代码注入漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a code injection vulnerability. This vulnerability stemmed from the saveSort.json.php endpoint in the Gallery plugin, which directly passed uncleaned user input to...
GHSA-XGGW-G9PM-9QHH AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin
Summary The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...
AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin
Summary The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...
CVE-2026-1463
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...
CVE-2026-32418 WordPress Meow Gallery plugin <= 5.4.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through = 5.4.4...
WordPress Contest Gallery plugin <= 28.1.2.1 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by lilmingwa13 in WordPress Plugin Contest Gallery versions = 28.1.2.1...
VulnCheck KEV: CVE-2021-24915
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections...
EUVD-2026-9376
The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-1706
CVE-2026-1706 : All-in-One Video Gallery for WordPress has a Reflected Cross-Site Scripting flaw via the vi parameter in versions up to 4.7.1. Insufficient input sanitization/output escaping allows unauthenticated attackers to inject scripts on pages that a user may perform actions on (e.g., clic...
CVE-2026-1236
The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-1236 Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API
The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-1236
CVE-2026-1236 : Envira Gallery for WordPress (WordPress plugin)
WordPress Contest Gallery plugin <= 28.1.4 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Thomas Sanzey in WordPress Plugin Contest Gallery versions = 28.1.4...
CVE-2026-3180
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ’cglmail’ parameter in all versions up to, and including, 28.1.4 due to insufficient escaping on the user supplied parameter...
PT-2026-22660
Name of the Vulnerable Software and Affected Versions The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress versions through 28.1.4 Description The software is susceptible to a blind SQL Injection issue due to inadequate escaping of user-supplied...
WordPress Responsive Lightbox & Gallery plugin < 2.6.1 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Responsive Lightbox versions 2.6.1...
CVE-2025-15386
The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with a malicious link when lightbox for comments are enabled and then approved...
CVE-2025-15386
The CVE describes an Unauthenticated Stored XSS in the WordPress plugin “Responsive Lightbox & Gallery”