Inpost Gallery Security Vulnerabilities and Issues — Inpost Gallery CVE List

Lucene search

PluginusInpost Gallery

3 matches found

CVE•added 2022/12/19 2:15 p.m.•60 views

CVE-2022-4063

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.

9.8CVSS9.5AI score0.9038EPSS

CVE•added 2023/03/22 9:15 p.m.•50 views

CVE-2023-28666

The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user.

5.4CVSS5.3AI score0.00153EPSS

CVE•added 2024/11/26 7:15 a.m.•46 views

CVE-2024-11002

The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value...

6.3CVSS6.4AI score0.00186EPSS