CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

39 matches found

RedhatCVE•added 2026/03/26 5:2 p.m.•1 views

CVE-2026-32537

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through =...

7.5CVSS5.8AI score0.0017EPSS

Exploits0References1

EUVD•added 2026/03/25 6:31 p.m.•2 views

EUVD-2026-15911

7.5CVSS5.8AI score0.0017EPSS

Exploits0References2

NVD•added 2026/03/25 5:17 p.m.•0 views

CVE-2026-32537

7.5CVSS0.0017EPSS

Exploits0References1

ATTACKERKB•added 2026/03/25 4:15 p.m.•0 views

CVE-2026-32537

5.8AI score0.0017EPSS

Exploits0References2

Vulnrichment•added 2026/03/25 4:15 p.m.•1 views

CVE-2026-32537 WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclusion vulnerability

7.5CVSS5.8AI score0.0017EPSS

Exploits0References1

CVE•added 2026/03/25 4:15 p.m.•3 views

CVE-2026-32537

The CVE-2026-32537 entry describes an authenticated Local File Inclusion (LFI) in the WordPress plugin Visual Portfolio, Photo Gallery & Post Grid (visual-portfolio) caused by improper filename control in PHP include/require statements. Affected versions are Visual Portfolio, Photo Gallery & Post...

7.5CVSS5.8AI score0.0017EPSS

Exploits0References1

Cvelist•added 2026/03/25 4:15 p.m.•20 views

CVE-2026-32537 WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclusion vulnerability

7.5CVSS0.0017EPSS

Exploits0References1

Positive Technologies•added 2026/03/25 12:0 a.m.•0 views

PT-2026-28051

5.8AI score0.0017EPSS

Exploits0References2

CNNVD•added 2026/03/25 12:0 a.m.•2 views

WordPress plugin Visual Portfolio, Photo Gallery & Post Grid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.5CVSS5.8AI score0.0017EPSS

Exploits0References1

Patchstack•added 2026/03/20 2:16 p.m.•4 views

WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Visual Portfolio, Photo Gallery & Post Grid versions = 3.5.1...

7.5CVSS5.8AI score0.0017EPSS

Exploits0Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-34844

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00149EPSS

Exploits2References1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-43999

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00575EPSS

Exploits0References3

RedhatCVE•added 2025/05/23 7:36 a.m.•2 views

CVE-2024-4363

The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

6.4CVSS5.8AI score0.00575EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:32 p.m.•4 views

CVE-2022-2543

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts...

6.1CVSS6.9AI score0.00519EPSS

Exploits2References1

Patchstack•added 2024/12/03 11:52 p.m.•2 views

WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.3.9 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Visual Portfolio, Photo Gallery & Post Grid versions = 3.3.9...

6.4CVSS6.1AI score0.006EPSS

Exploits0References1Affected Software1

CVE•added 2024/05/14 11:31 p.m.•24 views

CVE-2024-4363

CVE-2024-4363 affects Visual Portfolio, Photo Gallery & Post Grid (WordPress). The vulnerability is a Stored XSS via the title_tag parameter in the plugin’s code, affecting all versions up to 3.3.2. The root cause is insufficient input sanitization and output escaping, enabling authenticated atta...

6.4CVSS5.7AI score0.00575EPSS

Exploits0References3

Patchstack•added 2024/05/14 12:19 p.m.•1 views

WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.3.2 - Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter vulnerability

Authenticated Author+ Stored Cross-Site Scripting via titletag Parameter vulnerability discovered by João G. Barbosa 4rCanJ0x! in WordPress Plugin Visual Portfolio, Photo Gallery & Post Grid versions = 3.3.2...

6.4CVSS5.8AI score0.00575EPSS

Exploits0References1Affected Software1

CNNVD•added 2024/05/14 12:0 a.m.•1 views

WordPress plugin Visual Portfolio, Photo Gallery & Post Grid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6.2AI score0.00575EPSS

Exploits0References2

Patchstack•added 2024/05/14 12:0 a.m.•6 views

WordPress Visual Portfolio, Photo Gallery & Post Grid Plugin <= 3.3.2 is vulnerable to Cross Site Scripting (XSS)

Software Visual Portfolio, Photo Gallery & Post Grid Type Plugin Vulnerable versions = 3.3.2 Fixed in 3.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4363 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f5a76513a112...

6.4CVSS5.8AI score0.00575EPSS

Exploits0References3Affected Software1

NVD•added 2022/09/05 1:15 p.m.•11 views

CVE-2022-2597

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts...

5.4CVSS0.00149EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by