60 matches found
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Que Thanh Tuan in WordPress Plugin Image Photo Gallery Final Tiles Grid versions <= 3.6.11...
CVE-2026-39510
Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.11...
Arbitrary File Upload
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Arbitrary File Upload in the saveFile function. An authenticated user with manage permissions on a video can execute arbitrary code on the server by uploading a...
WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery versions <= 1.6.0...
CVE-2026-24939 WordPress Modula Image Gallery plugin <= 2.13.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modula Image Gallery: from n/a through <= 2.13.6...
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting vulnerability discovered by WordFence in WordPress Plugin Image Photo Gallery Final Tiles Grid versions <= 3.6.8...
EUVD-2025-203951
AVideo versions prior to 20.0 with the ImageGallery plugin enabled are vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload ...
CVE-2025-34434 AVideo < 20.1 ImageGallery Plugin Unauthenticated File Upload and Deletion
AVideo versions prior to 20.1 with the ImageGallery plugin enabled are vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload ...
AVideo Access Control Error Vulnerability
AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. An access control error vulnerability exists in AVideo versions prior to 20.0 that stems from a lack of authentication and ownership verification in the ImageGallery plugin endpoint, which could lead to...
CVE-2025-14003
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_images_to_gallery_callback function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, wit...
CVE-2025-14003
CVE-2025-14003 affects the WordPress plugin “Image Gallery – Photo Grid & Video Gallery” (Modula) up to version 2.13.3. The root cause is a missing capability check in add_images_to_gallery_callback(), enabling authenticated attackers with Author-level access or higher to modify data by adding im...
EUVD-2025-203051
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.13.3. This is due to the modulalistfolders AJAX endpoint that lacks proper path validation and base directory restrictions. While the endpoint verifies user...
CVE-2025-12494
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_import_file function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level...
CVE-2025-12494
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_import_file function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level...
CVE-2025-12494
CVE-2025-12494 affects the WordPress plugin Image Gallery – Photo Grid & Video Gallery (modula-best-grid-gallery) up to version 2.12.28. The flaw arises from insufficient file path validation in the ajax_import_file function, allowing an authenticated attacker with author-level access (or higher)...
CVE-2025-12494 Image Gallery – Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move
The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajax_import_file function in all versions up to, and including, 2.12.28. This makes it possible for authenticated attackers, with author-level...
EUVD-2017-5637
Malware in sbrugna...
EUVD-2016-5954
Malware in sbrugna...
EUVD-2024-26764
Malicious code in bioql PyPI...
EUVD-2025-23428
Malicious code in bioql PyPI...