CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31412 – WordPress JetProductGallery plugin <= 2.1.22 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-31412
29 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetProductGallery allows DOM-Based XSS. This issue affects JetProductGallery: from n/a through 2.1.22. The JetProductGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitr... • https://patchstack.com/database/wordpress/plugin/jet-woo-product-gallery/vulnerability/wordpress-jetproductgallery-plugin-2-1-22-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-28869 – WordPress NextGEN Gallery Voting plugin <= 2.7.6 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-28869
24 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound NextGEN Gallery Voting allows Reflected XSS. This issue affects NextGEN Gallery Voting: from n/a through 2.7.6. The NextGEN Gallery Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages... • https://patchstack.com/database/wordpress/plugin/nextgen-gallery-voting/vulnerability/wordpress-nextgen-gallery-voting-plugin-2-7-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23705 – Zielke Design Project Gallery <= 2.5.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2025-23705
19 Mar 2025 — The Zielke Design Project Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22566 – WordPress ULTIMATE VIDEO GALLERY Plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22566
18 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ULTIMATE VIDEO GALLERY allows Reflected XSS. This issue affects ULTIMATE VIDEO GALLERY: from n/a through 1.4. The ULTIMATE VIDEO GALLERY plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha... • https://patchstack.com/database/wordpress/plugin/ultimate-gallery/vulnerability/wordpress-ultimate-video-gallery-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26581 – WordPress Picture Gallery plugin <= 1.6.2 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-26581
12 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in videowhisper Picture Gallery allows Reflected XSS. This issue affects Picture Gallery: from n/a through 1.6.2. The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbi... • https://patchstack.com/database/wordpress/plugin/picture-gallery/vulnerability/wordpress-picture-gallery-plugin-1-5-23-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10144 – Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-10144
11 Mar 2025 — The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery Settings in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1513 – Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2025-1513
27 Feb 2025 — The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Name and Comment field when commenting on photo gallery entries in all versions up to, and including, 26.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever ... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3245199%40contest-gallery&new=3245199%40contest-gallery&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27276 – WordPress Photo Gallery ( Responsive ) plugin <= 4.0 - CSRF to Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2025-27276
24 Feb 2025 — Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) allows Privilege Escalation. This issue affects Photo Gallery ( Responsive ): from n/a through 4.0. The Photo Gallery ( Responsive ) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to achieve privilege escalation granted they can trick a site ... • https://patchstack.com/database/wordpress/plugin/photo-gallery-pearlbells/vulnerability/wordpress-photo-gallery-responsive-plugin-4-0-csrf-to-privilege-escalation-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27277 – WordPress Add Linked Images To Gallery plugin <= 1.4 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-27277
24 Feb 2025 — Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linked Images To Gallery allows Cross Site Request Forgery. This issue affects Add Linked Images To Gallery: from n/a through 1.4. The Add Linked Images To Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts vi... • https://patchstack.com/database/wordpress/plugin/add-linked-images-to-gallery-v01/vulnerability/wordpress-add-linked-images-to-gallery-plugin-1-4-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26931 – WordPress Tribulant Gallery Voting plugin <= 1.2.1 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-26931
23 Feb 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Tribulant Gallery Voting allows Stored XSS. This issue affects Tribulant Gallery Voting: from n/a through 1.2.1. The Tribulant Gallery Voting plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged requ... • https://patchstack.com/database/wordpress/plugin/gallery-voting/vulnerability/wordpress-tribulant-gallery-voting-plugin-1-2-1-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •