CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49415 – WordPress FW Gallery <= 8.0.0 - Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2025-49415
10 Jun 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Gallery allows Path Traversal. This issue affects FW Gallery: from n/a through 8.0.0. The FW Gallery – Photo, video, audio media presentation and management system with players and slideshow plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 8.0.0. This makes it possible for unauthenticated attac... • https://patchstack.com/database/wordpress/plugin/fw-gallery/vulnerability/wordpress-fw-gallery-8-0-0-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49451 – WordPress Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery <= 1.0.12 - Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2025-49451
09 Jun 2025 — Path Traversal vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery allows Path Traversal. This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through 1.0.12. The Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.12. This makes it possible for unauthentica... • https://patchstack.com/database/wordpress/plugin/aeroscroll-gallery/vulnerability/wordpress-aeroscroll-gallery-infinite-scroll-image-gallery-post-grid-with-photo-gallery-1-0-12-directory-traversal-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29011 – WordPress YouTube Simple Gallery <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-29011
05 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer YouTube Simple Gallery allows Stored XSS. This issue affects YouTube Simple Gallery: from n/a through 2.2.0. The YouTube Simple Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to... • https://patchstack.com/database/wordpress/plugin/youtube-simple-gallery/vulnerability/wordpress-youtube-simple-gallery-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31050 – WordPress Apptha Slider Gallery plugin <= 2.5 - Arbitrary File Read vulnerability
https://notcve.org/view.php?id=CVE-2025-31050
29 May 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through 2.5. The Apptha Slider Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. • https://patchstack.com/database/wordpress/plugin/apptha-slider-gallery/vulnerability/wordpress-apptha-slider-gallery-plugin-2-5-arbitrary-file-read-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-73: External Control of File Name or Path •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3862 – Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
https://notcve.org/view.php?id=CVE-2025-3862
07 May 2025 — Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 26.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/contest-gallery/tags/26.0.5/shortcodes/cg_entry_on_off.php#L20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47521 – WordPress Robo Gallery <= 5.0.2 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-47521
07 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery allows Stored XSS. This issue affects Robo Gallery: from n/a through 5.0.2. The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in... • https://patchstack.com/database/wordpress/plugin/robo-gallery/vulnerability/wordpress-robo-gallery-5-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 2CVE-2025-47549 – WordPress BEAF <= 4.6.10 - Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2025-47549
07 May 2025 — Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10. The Ultimate Before After Image Slider & Gallery – BEAF plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.6.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site... • https://github.com/d0n601/CVE-2025-47549 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47632 – WordPress Awesome Gallery <= 1.0 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-47632
07 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raihanul Islam Awesome Gallery allows Stored XSS. This issue affects Awesome Gallery: from n/a through 1.0. The Awesome Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web s... • https://patchstack.com/database/wordpress/plugin/awesome-gallery/vulnerability/wordpress-awesome-gallery-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47677 – WordPress Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.25 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-47677
07 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery allows Stored XSS. This issue affects Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery: from n/a through 2.7.7.25. The Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.7.25 due to insufficient input sanitization an... • https://patchstack.com/database/wordpress/plugin/gt3-photo-video-gallery/vulnerability/wordpress-photo-gallery-gt3-image-gallery-gutenberg-block-gallery-2-7-7-25-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47449 – WordPress Meow Gallery <= 5.2.7 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-47449
07 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Meow Gallery allows Stored XSS. This issue affects Meow Gallery: from n/a through 5.2.7. The Meow Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in page... • https://patchstack.com/database/wordpress/plugin/meow-gallery/vulnerability/wordpress-meow-gallery-5-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •