CVE-2025-57889 WordPress InPost Gallery Plugin <= 2.1.4.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RealMag777 InPost Gallery inpost-gallery allows PHP Local File Inclusion.This issue affects InPost Gallery: from n/a through = 2.1.4.5...

CVE-2025-57889

CVE-2025-57889 affects the WordPress InPost Gallery plugin up to version 2.1.4.5. It is an Improper Control of Filename for Include/Require Statement (PHP Remote File Inclusion) vulnerability that enables PHP Local File Inclusion via include/require statements. Affected software: InPost Gallery (...

CVE-2025-26903 WordPress InPost Gallery plugin <= 2.1.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery.This issue affects InPost Gallery: from n/a through = 2.1.4.3...

WordPress InPost Gallery plugin <= 2.1.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin InPost Gallery versions = 2.1.4.3...

WordPress InPost Gallery Plugin <= 2.1.4.2 is vulnerable to Arbitrary Code Execution

Software InPost Gallery Type Plugin Vulnerable versions = 2.1.4.2 Fixed in 2.1.4.3 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-11002 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID 33afec67c5eb Credits Arkadiusz Hydzik Required privile...