2 matches found
CVE-2022-4063
CVE-2022-4063 affects the WordPress InPost Gallery plugin in versions before 2.1.4.1. The root cause is insecure use of PHP’s extract() when rendering HTML views, which can force inclusion of arbitrary files/URLs and may enable code execution on the server via Local File Inclusion (LFI) or rem...
CVE-2024-11002
The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in versions up to 2.1.4.2. The issue arises from validating a value before executing do_shortcode, enabling authenticated user...