Lucene search

Envira Gallery*

8 matches found

CVE
added 2020/02/25 5:15 p.m. | 94 views

CVE-2020-9334

A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.

CVSS 5.4 | AI score 5.2 | EPSS 0.0048
CVE
added 2021/01/15 7:15 a.m. | 66 views

CVE-2020-35581

A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter.

CVSS 5.4 | AI score 5.2 | EPSS 0.00483
CVE
added 2024/01/11 9:15 a.m. | 65 views

CVE-2023-6742

The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated ...

CVSS 4.3 | AI score 4.6 | EPSS 0.00159
CVE
added 2021/01/15 7:15 a.m. | 62 views

CVE-2020-35582

A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.

CVSS 5.4 | AI score 5.2 | EPSS 0.00483
CVE
added 2021/03/18 3:15 p.m. | 57 views

CVE-2021-24126

Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the image metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation.

CVSS 5.4 | AI score 5.4 | EPSS 0.00222
CVE
added 2022/10/31 4:15 p.m. | 54 views

CVE-2022-2190

The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.

CVSS 6.1 | AI score 6.1 | EPSS 0.00155
CVE
added 2024/09/11 6:15 a.m. | 37 views

CVE-2024-3899

The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform Cross-Site Scripting attacks.

CVSS 4.8 | AI score 5.3 | EPSS 0.00072
CVE
added 2024/11/01 3:15 p.m. | 34 views

CVE-2024-43925

Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envira Photo Gallery: from n/a through 1.8.14.

CVSS 8.8 | AI score 5.7 | EPSS 0.00177