
124 matches found

NVD
added 2026/06/18 1:25 p.m. | 11 views

CVE-2026-2021

The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...

CVSS 6.4 | EPSS 0.00205
Exploits 0 | References 6

Cvelist
added 2026/06/18 8:31 a.m. | 21 views

CVE-2026-2021 Slideshow Gallery LITE <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alwaysauto' Shortcode Attribute

The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...

CVSS 6.4 | EPSS 0.00205
Exploits 0 | References 6

EUVD
added 2026/06/18 8:31 a.m. | 12 views

EUVD-2026-37868

The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...

CVSS 6.4 | AI score 5.6 | EPSS 0.00205
Exploits 0 | References 6

ATTACKERKB
added 2026/06/18 8:31 a.m. | 6 views

CVE-2026-2021

The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible...

CVSS 6.4 | AI score 5.5 | EPSS 0.00205
Exploits 0 | References 7

CVE
added 2026/06/18 8:31 a.m. | 20 views

CVE-2026-2021

The CVE concerns the WordPress Slideshow Gallery LITE plugin (versions

CVSS 6.4 | AI score 5.5 | EPSS 0.00205
Exploits 0 | References 6

Patchstack
added 2026/06/17 8:0 p.m. | 7 views

WordPress Slideshow Gallery LITE plugin <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Slideshow Gallery versions = 1.8.5...

CVSS 6.4 | AI score 5.2 | EPSS 0.00205
Exploits 0 | References 1 | Affected Software 1

CVE
added 2026/06/15 12:0 p.m. | 13 views

CVE-2016-20081

HB Audio Gallery Lite 1.0.0 (WordPress) has a path traversal in audio-download.php via the file_path parameter that allows unauthenticated access to arbitrary files outside the gallery directory (e.g., wp-config.php). Root cause: inadequate validation of the file_path input. The connected documen...

CVSS 8.7 | AI score 5.5 | EPSS 0.00641
Exploits 0 | References 3

Vulnrichment
added 2026/06/15 12:0 p.m. | 7 views

CVE-2016-20081 WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal File Download

WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...

CVSS 8.7 | AI score 5.4 | EPSS 0.00641
Exploits 0 | References 3

EUVD
added 2026/06/15 12:0 p.m. | 7 views

EUVD-2016-10893

WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...

CVSS 8.7 | AI score 5.4 | EPSS 0.00641
Exploits 0 | References 3

RedhatCVE
added 2026/06/05 7:35 p.m. | 8 views

CVE-2026-5361

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

CVSS 6.4 | AI score 5.7 | EPSS 0.0035
Exploits 0 | References 1

NVD
added 2026/05/14 5:16 a.m. | 11 views

CVE-2026-5361

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

CVSS 6.4 | EPSS 0.0035
Exploits 0 | References 6

Vulnrichment
added 2026/05/14 3:27 a.m. | 10 views

CVE-2026-5361 Envira Gallery <= 1.12.4 - Authenticated (Author+) Stored Cross-Site Scripting via 'arrows' Parameter

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

CVSS 6.4 | AI score 6 | EPSS 0.0035
Exploits 0 | References 6

ATTACKERKB
added 2026/05/14 3:27 a.m. | 13 views

CVE-2026-5361

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

CVSS 6.4 | AI score 6 | EPSS 0.0035
Exploits 0 | References 7

EUVD
added 2026/05/14 3:27 a.m. | 9 views

EUVD-2026-30215

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

CVSS 6.4 | AI score 6 | EPSS 0.0035
Exploits 0 | References 6

CVE
added 2026/05/14 3:27 a.m. | 21 views

CVE-2026-5361

CVE-2026-5361 affects the WordPress plugin Envira Gallery Lite (

CVSS 6.4 | AI score 6 | EPSS 0.0035
Exploits 0 | References 6

Cvelist
added 2026/05/14 3:27 a.m. | 37 views

CVE-2026-5361 Envira Gallery <= 1.12.4 - Authenticated (Author+) Stored Cross-Site Scripting via 'arrows' Parameter

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the updategallerydata function and improper output escaping in the galleryinit function. The...

CVSS 6.4 | EPSS 0.0035
Exploits 0 | References 6

CNNVD
added 2026/05/14 12:0 a.m. | 11 views

WordPress plugin Envira Gallery Lite cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.4 | AI score 5.8 | EPSS 0.0035
Exploits 0 | References 1

Positive Technologies
added 2026/05/14 12:0 a.m. | 12 views

PT-2026-40849

The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the update gallery data function and improper output escaping in the gallery init function. The...

CVSS 6.4 | AI score 6 | EPSS 0.0035
Exploits 0 | References 7

EUVD
added 2026/04/08 9:31 a.m. | 2 views

EUVD-2026-20177

Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through = 3.6.11...

AI score 5.9 | EPSS 0.00204
Exploits 0 | References 2

NVD
added 2026/04/08 9:16 a.m. | 2 views

CVE-2026-39510

Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through = 3.6.11...

CVSS 2.7 | EPSS 0.00204
Exploits 0 | References 1