56 matches found
WordPress Justified Gallery plugin <= 1.9.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Justified Gallery versions = 1.9.0...
CVE-2026-1236
The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-1236
The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-1236
CVE-2026-1236 : Envira Gallery for WordPress (WordPress plugin)
CVE-2026-1236 Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API
The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-1236
The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-1236 Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API
The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justifiedgallerytheme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
PT-2026-22884
Name of the Vulnerable Software and Affected Versions Envira Gallery for WordPress plugin versions up to and including 1.12.3 Description The Envira Gallery for WordPress plugin is susceptible to Stored Cross-Site Scripting through the justified gallery theme parameter. Insufficient input...
WordPress Envira Gallery for WordPress plugin <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API vulnerability
Authenticated Author+ Stored Cross-Site Scripting via 'justifiedgallerytheme' Parameter via REST API vulnerability discovered by WordFence in WordPress Plugin Envira Photo Gallery versions = 1.12.3...
CVE-2023-25473
Cross-Site Request Forgery CSRF vulnerability in Miro Mannino Flickr Justified Gallery plugin = 3.5 versions...
CVE-2023-40213
Missing Authorization vulnerability in Mateusz Czardybon Justified Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justified Gallery: from n/a through 1.7.3...
EUVD-2015-9167
Malware in sbrugna...
EUVD-2023-44810
Malicious code in bioql PyPI...
EUVD-2023-29428
Malicious code in bioql PyPI...
EUVD-2022-51975
Malicious code in bioql PyPI...
CVE-2022-4651
The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2015-9327
The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS...
CVE-2024-13586
The Masy Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'justified-gallery' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Masy Gallery 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-2224 · WordPress · Masy Gallery
Name of the Vulnerable Software and Affected Versions: Masy Gallery plugin for WordPress versions up to, and including, 1.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'justified-gallery' shortcode due to insufficient input sanitization and output escaping on...