Skip to main content

Envira Gallery

5 CVEs product

Monthly

CVE-2024-43925 HIGH This Week

Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.8.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Envira Gallery
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-3899 MEDIUM POC This Month

The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Envira Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2022-2190 MEDIUM POC This Month

The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Envira Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-24126 MEDIUM POC This Month

Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress XSS Envira Gallery
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-9334 MEDIUM This Month

A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Envira Gallery
NVD
CVSS 3.1
5.4
EPSS
0.8%
EPSS 0% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.8.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Envira Gallery
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Envira Gallery
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Envira Gallery
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress XSS +1
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM This Month

A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Envira Gallery
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy