WordPress InPost Gallery <2.1.4.1 - Local File Inclusion

WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on...

WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hivesec in WordPress Plugin InPost Gallery versions = 2.1.4.6...

EUVD-2025-27026

Malicious code in bioql PyPI...

EUVD-2023-32327

Malicious code in bioql PyPI...

EUVD-2025-11121

Malicious code in bioql PyPI...

EUVD-2024-33729

Malicious code in bioql PyPI...

CVE-2025-57889

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RealMag777 InPost Gallery inpost-gallery allows PHP Local File Inclusion.This issue affects InPost Gallery: from n/a through = 2.1.4.5...

CVE-2025-57889

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RealMag777 InPost Gallery inpost-gallery allows PHP Local File Inclusion.This issue affects InPost Gallery: from n/a through = 2.1.4.5...

CVE-2025-57889 WordPress InPost Gallery Plugin <= 2.1.4.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RealMag777 InPost Gallery inpost-gallery allows PHP Local File Inclusion.This issue affects InPost Gallery: from n/a through = 2.1.4.5...

CVE-2025-57889 WordPress InPost Gallery Plugin <= 2.1.4.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RealMag777 InPost Gallery inpost-gallery allows PHP Local File Inclusion.This issue affects InPost Gallery: from n/a through = 2.1.4.5...

CVE-2025-57889

CVE-2025-57889 affects the WordPress InPost Gallery plugin up to version 2.1.4.5. It is an Improper Control of Filename for Include/Require Statement (PHP Remote File Inclusion) vulnerability that enables PHP Local File Inclusion via include/require statements. Affected software: InPost Gallery (...

PT-2025-36250

Name of the Vulnerable Software and Affected Versions: InPost Gallery versions through 2.1.4.5 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion...

WordPress plugin InPost Gallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress InPost Gallery Plugin <= 2.1.4.5 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin InPost Gallery versions = 2.1.4.5...

CVE-2024-11002

The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpostgallerygetshortcodetemplate AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2023-28666

The InPost Gallery WordPress plugin, in versions 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the addinpostgalleryslideitem action, which can only be triggered by an authenticated user...

CVE-2022-4063

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...

CVE-2025-26903

Cross-Site Request Forgery CSRF vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery.This issue affects InPost Gallery: from n/a through = 2.1.4.3...

CVE-2025-26903

Cross-Site Request Forgery CSRF vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery.This issue affects InPost Gallery: from n/a through = 2.1.4.3...

CVE-2025-26903

CVE-2025-26903 describes a Cross-Site Request Forgery (CSRF) vulnerability in InPost Gallery affecting versions up to 2.1.4.3. Exploitation context is not detailed in the provided docs, but a CVSSv3.1 base score of 4.3 (Medium) is listed. Red Hat and Wordfence sources confirm the issue and note t...