CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53257 – WordPress Gmedia Photo Gallery plugin <= 1.23.0 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-53257
27 Jun 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Serhii Pasyuk Gmedia Photo Gallery allows PHP Local File Inclusion. This issue affects Gmedia Photo Gallery: from n/a through 1.23.0. The Gmedia Photo Gallery plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.23.0. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files... • https://patchstack.com/database/wordpress/plugin/grand-media/vulnerability/wordpress-gmedia-photo-gallery-plugin-1-23-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4339 – Gmedia Photo Gallery <= 1.6.4 - Open Proxy
https://notcve.org/view.php?id=CVE-2015-4339
27 May 2015 — The Gmedia Photo Gallery plugin for WordPress is vulnerable to Open Proxy attacks in versions up to, and including, 1.6.4. This is due to inclusion of a script intended to load images from a url that doesn't end in an image file extension. This makes it possible for unauthenticated attackers to proxy through the server and perform anonymized attacks on other servers. • CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') •