Lucene search
K

11524 matches found

Nuclei
Nuclei
added 5 hours ago28 views

WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting

WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via playlist.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.6AI score0.0465EPSS
Exploits2References4
Nuclei
Nuclei
added 5 hours ago56 views

Gallery Photoblocks < 1.1.43 - Cross-Site Scripting

The Gallery PhotoBlocks WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. id: CVE-2019-15829 info: name: Gallery Photoblocks 1.1.43 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The Gallery PhotoBlocks WordPress plugin was affected by...

4.8CVSS6.1AI score0.01318EPSS
Exploits1References5
Nuclei
Nuclei
added 5 hours ago54 views

Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion

Joomla! Omilen Photo Gallery comomphotogallery component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. id: CVE-2009-4202 info: name: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion...

7.5CVSS6.3AI score0.08109EPSS
Exploits1References5
Nuclei
Nuclei
added 5 hours ago104 views

Art Gallery Management System Project v1.0 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. id: CVE-2023-23161 info: name: Art...

6.1CVSS6.6AI score0.0591EPSS
Exploits4References5
Nuclei
Nuclei
added 5 hours ago19 views

WordPress zm-gallery plugin 1.0 SQL Injection

zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection via the order parameter. id: CVE-2016-10940 info: name: WordPress zm-gallery plugin 1.0 SQL Injection author: cckuailong,daffainfo severity: high description: zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection vi...

7.2CVSS7AI score0.05596EPSS
Exploits2References5
Nuclei
Nuclei
added 5 hours ago17 views

10Web Photo Gallery < 1.5.55 - SQL Injection

WordPress plugin 10Web Photo Gallery versions before 1.5.55 contains a SQL injection caused by unvalidated input in the 'bwgsearchx' parameter in frontend/models/model.php, letting attackers execute arbitrary SQL commands, exploit requires attacker to control the 'bwgsearchx' parameter. id:...

9.8CVSS7.2AI score0.05418EPSS
Exploits1References3
Nuclei
Nuclei
added 5 hours ago59 views

Contest Gallery - Broken Access Control

Contest Gallery from n/a through 23.1.2 contains an exposure of sensitive information to an unauthorized actor caused by insufficient access controls, letting attackers access sensitive data, exploit requires no specific conditions. id: CVE-2024-43283 info: name: Contest Gallery - Broken Access...

7.5CVSS6.1AI score0.01104EPSS
Exploits0References2
Nuclei
Nuclei
added 5 hours ago12 views

WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting

The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the album's name before outputting it in pages or posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting XSS attacks even when the unfiltered-html capabilit...

4.8CVSS6.1AI score0.00872EPSS
Exploits2References3
Nuclei
Nuclei
added 5 hours ago81 views

WordPress InPost Gallery <2.1.4.1 - Local File Inclusion

WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on...

9.8CVSS7.2AI score0.09519EPSS
Exploits2References5
Nuclei
Nuclei
added 5 hours ago44 views

WordPress WP Video Gallery <=1.7.1 - SQL Injection

WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

9.8CVSS7.1AI score0.09238EPSS
Exploits1References5
Nuclei
Nuclei
added 5 hours ago84 views

WordPress Gallery <2.0.0 - Cross-Site Scripting

WordPress Gallery plugin before 2.0.0 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, available to both unauthenticated and authenticated users. id: CVE-2022-1946 info: name: WordPres...

6.1CVSS6.4AI score0.01626EPSS
Exploits2References5
Nuclei
Nuclei
added 5 hours ago60 views

WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting

WordPress Photo Gallery by 10Web plugin before 1.5.69 contains multiple reflected cross-site scripting vulnerabilities via the galleryid, tag, albumid and themeid GET parameters passed to the bwgfrontenddata AJAX action, available to both unauthenticated and authenticated users. id: CVE-2021-2429...

6.1CVSS6.5AI score0.1445EPSS
Exploits2References3
Nuclei
Nuclei
added 5 hours ago36 views

All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery

WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery SSRF via the 'dl' parameter found in the /public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the serve...

8.2CVSS7AI score0.25869EPSS
Exploits0References5
EUVD
EUVD
added 6 hours ago4 views

EUVD-2025-210458

The Ultimate Before After Image Slider & Gallery WordPress plugin before 4.7.1 does not escape the value of the BEAF Slider widget's shortcode field before outputting it on the front end the value is passed through doshortcode, which echoes non-shortcode content verbatim, allowing users with...

6.1AI score
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57695

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dan Rossiter Document Gallery document-gallery allows Reflected XSS.This issue affects Document Gallery: from n/a through = 5.1.0...

7.1CVSS0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday15 views

CVE-2026-57695 WordPress Document Gallery plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dan Rossiter Document Gallery document-gallery allows Reflected XSS.This issue affects Document Gallery: from n/a through = 5.1.0...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57695

The CVE-2026-57695 entry relates to the WordPress Document Gallery plugin (

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday156 views

NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure

The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getitem function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data includi...

5.3CVSS7AI score0.38023EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday102 views

Photo Gallery by 10Web < 1.6.0 - SQL Injection

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwgtagidbwgthumbnails0 parameter before using it in a SQL statement via the bwgfrontenddata AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL injection id:...

9.8CVSS7.1AI score0.74615EPSS
Exploits4References4
NVD
NVD
added 3 days ago6 views

CVE-2026-5743

The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the...

6.4CVSS0.00259EPSS
Exploits0References10
Rows per page
Query Builder