Product:

Envira_gallery

(Enviragallery)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 6
Date Id Summary Products Score Patch Annotated
2024-01-11 CVE-2023-6742 The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify galleries on other users' posts. Envira_gallery 4.3
2020-02-25 CVE-2020-9334 A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow a authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. Envira_gallery 5.4
2022-10-31 CVE-2022-2190 The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers Envira_gallery 6.1
2021-03-18 CVE-2021-24126 Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation. Envira_gallery 5.4
2021-01-15 CVE-2020-35582 A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter. Envira_gallery 5.4
2021-01-15 CVE-2020-35581 A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter. Envira_gallery 5.4