3 matches found
CVE-2022-4063
The CVE-2022-4063 issue affects WordPress InPost Gallery plugin versions before 2.1.4.1. The root cause is insecure use of PHP’s extract() when rendering HTML views, which can force inclusion of arbitrary files/URLs and may enable code execution on the server via Local File Inclusion (LFI) or rem...
CVE-2023-28666
The CVE-2023-28666 entry affects the InPost Gallery WordPress plugin. A reflected XSS vulnerability exists in the imgurl parameter of the add_inpost_gallery_slide_item action, exploitable only by an authenticated user, and affects versions prior to 2.2.2. Remediation: upgrade to version 2.2.2 or ...
CVE-2024-11002
CVE-2024-11002 (InPost Gallery, WordPress): The InPost Gallery plugin is vulnerable up to version 2.1.4.2 to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action. The issue arises from validating a value before executing do_shortcode, enabling authenticated user...