
CVE-2025-23785 – WordPress AI Responsive Gallery Album plugin <= 1.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-23785
16 Jan 2025 — Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Responsive Gallery Album: from n/a through 1.4. The AI Responsive Gallery Album plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an ... • https://patchstack.com/database/wordpress/plugin/ai-responsive-gallery-album/vulnerability/wordpress-ai-responsive-gallery-album-plugin-1-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2025-23842 – WordPress WordPress Gallery Plugin plugin <= 1.4 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-23842
16 Jan 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Nilesh Shiragave WordPress Gallery Plugin allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin: from n/a through 1.4. The WordPress Gallery Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a fo... • https://patchstack.com/database/wordpress/plugin/wordpress-gallery-plugin/vulnerability/wordpress-wordpress-gallery-plugin-plugin-1-4-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-23951 – WordPress Gallery: Hybrid – Advanced Visual Gallery plugin <= 1.4.0.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23951
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DivEngine Gallery: Hybrid – Advanced Visual Gallery allows Stored XSS. This issue affects Gallery: Hybrid – Advanced Visual Gallery: from n/a through 1.4.0.2. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DivEngine Gallery: Hybrid – Advanced Visual Gallery allows Stored XSS. This issue affects Gallery: Hybrid – Advanced Vis... • https://patchstack.com/database/wordpress/plugin/hybrid-gallery/vulnerability/wordpress-gallery-hybrid-advanced-visual-gallery-plugin-1-4-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-23441 – WordPress Attach Gallery Posts plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23441
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Attach Gallery Posts allows Reflected XSS. This issue affects Attach Gallery Posts: from n/a through 1.6. The Attach Gallery Posts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that ... • https://patchstack.com/database/wordpress/plugin/attach-gallery-posts/vulnerability/wordpress-attach-gallery-posts-plugin-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-23597 – WordPress Rio Photo Gallery plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23597
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riosis Private Limited Rio Photo Gallery allows Reflected XSS. This issue affects Rio Photo Gallery: from n/a through 0.1. The Rio Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that... • https://patchstack.com/database/wordpress/plugin/rio-photo-gallery/vulnerability/wordpress-rio-photo-gallery-plugin-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-23938 – WordPress Image Gallery Box by CRUDLab Plugin <= 1.0.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-23938
16 Jan 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Image Gallery Box by CRUDLab allows PHP Local File Inclusion. This issue affects Image Gallery Box by CRUDLab: from n/a through 1.0.3. The Image Gallery Box by CRUDLab plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute... • https://patchstack.com/database/wordpress/plugin/image-gallery-box-by-crudlab/vulnerability/wordpress-image-gallery-box-by-crudlab-plugin-1-0-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2025-23959 – WordPress Good Old Gallery Plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23959
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linus Lundahl Good Old Gallery allows Reflected XSS. This issue affects Good Old Gallery: from n/a through 2.1.2. The Good Old Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that exe... • https://patchstack.com/database/wordpress/plugin/good-old-gallery/vulnerability/wordpress-good-old-gallery-plugin-2-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-23942 – WordPress WP Load Gallery Plugin <= 2.1.6 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2025-23942
16 Jan 2025 — Unrestricted Upload of File with Dangerous Type vulnerability in NgocCode WP Load Gallery allows Upload a Web Shell to a Web Server. This issue affects WP Load Gallery: from n/a through 2.1.6. The WP Load Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may mak... • https://packetstorm.news/files/id/189418 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2025-22797 – WordPress Gallery and Lightbox plugin <= 1.0.14 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22797
13 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oğulcan Özügenç Gallery and Lightbox allows Stored XSS. This issue affects Gallery and Lightbox: from n/a through 1.0.14. The Gallery and Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to i... • https://patchstack.com/database/wordpress/plugin/gallery-and-lightbox/vulnerability/wordpress-gallery-and-lightbox-plugin-1-0-14-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-22518 – WordPress Justified Image Gallery plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22518
07 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KentoThemes Justified Image Gallery allows Stored XSS. This issue affects Justified Image Gallery: from n/a through 1.0. The Justified Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to in... • https://patchstack.com/database/wordpress/plugin/justified-image-gallery/vulnerability/wordpress-justified-image-gallery-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •