CVE-2026-1236

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2026-1236

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2026-1236

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2026-1236

CVE-2026-1236 : Envira Gallery for WordPress (WordPress plugin)

CVE-2026-1236 Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2026-1236 Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API

The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

PT-2026-22884

Name of the Vulnerable Software and Affected Versions Envira Gallery for WordPress plugin versions up to and including 1.12.3 Description The Envira Gallery for WordPress plugin is susceptible to Stored Cross-Site Scripting through the justified gallery theme parameter. Insufficient input...

WordPress Envira Gallery for WordPress plugin <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API vulnerability

Authenticated Author+ Stored Cross-Site Scripting via 'justifiedgallerytheme' Parameter via REST API vulnerability discovered by WordFence in WordPress Plugin Envira Photo Gallery versions = 1.12.3...

CVE-2025-31422

Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts allows Object Injection.This issue affects Visual Art | Gallery WordPress Theme: from n/a through = 2.4...

WordPress Visual Art | Gallery WordPress Theme <= 2.4 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Visual Art | Gallery WordPress Theme versions = 2.4...

countrylion.co.uk XSS vulnerability

Open Bug Bounty ID: OBB-295922 Description| Value ---|--- Affected Website:| countrylion.co.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

JV2 Folder Gallery 3.1.1 - &#039;popup_slideshow.php&#039; Multiple Vulnerabilities

----------------------------------------------------------------------------------- JV2 Folder Gallery 3.1.1 popupslideshow.php Multiple Vulnerability ----------------------------------------------------------------------------------- Vendor: www.foldergallery.jv2.net download:...