CVE-2025-49394

The WordPress Image Gallery block (plugin) with versions up to 1.0.7 is affected by a Missing Authorization vulnerability caused by insufficient access-control checks in multiple functions, allowing authenticated users with Subscriber-level access and above to view/activate plugins and access fun...

CVE-2024-1815

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

CVE-2024-1815

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

PT-2024-18331 · WordPress · Spectra

Name of the Vulnerable Software and Affected Versions: Spectra – WordPress Gutenberg Blocks plugin versions up to, and including, 2.12.8 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Image Gallery block, allowing...