CVSS: 7.5EPSS: %CPEs: 1EXPL: 0CVE-2025-32649 – WordPress GB Gallery Slideshow Plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32649
10 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gb-plugins GB Gallery Slideshow allows Reflected XSS. This issue affects GB Gallery Slideshow: from n/a through 1.3. The GB Gallery Slideshow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha... • https://patchstack.com/database/wordpress/plugin/gb-gallery-slideshow/vulnerability/wordpress-gb-gallery-slideshow-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31732 – WordPress GB Gallery Slideshow plugin <= 1.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-31732
01 Apr 2025 — Missing Authorization vulnerability in gb-plugins GB Gallery Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GB Gallery Slideshow: from n/a through 1.3. The GB Gallery Slideshow plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/gb-gallery-slideshow/vulnerability/wordpress-gb-gallery-slideshow-plugin-1-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •