CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47677 – WordPress Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.25 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-47677
07 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery allows Stored XSS. This issue affects Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery: from n/a through 2.7.7.25. The Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.7.25 due to insufficient input sanitization an... • https://patchstack.com/database/wordpress/plugin/gt3-photo-video-gallery/vulnerability/wordpress-photo-gallery-gt3-image-gallery-gutenberg-block-gallery-2-7-7-25-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26954 – WordPress ZooEffect plugin <= 1.11 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-26954
14 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 1pluginjquery ZooEffect allows Reflected XSS. This issue affects ZooEffect: from n/a through 1.11. The ZooEffect plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successful... • https://patchstack.com/database/wordpress/plugin/1-jquery-photo-gallery-slideshow-flash/vulnerability/wordpress-zooeffect-plugin-1-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27276 – WordPress Photo Gallery ( Responsive ) plugin <= 4.0 - CSRF to Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2025-27276
24 Feb 2025 — Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) allows Privilege Escalation. This issue affects Photo Gallery ( Responsive ): from n/a through 4.0. The Photo Gallery ( Responsive ) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to achieve privilege escalation granted they can trick a site ... • https://patchstack.com/database/wordpress/plugin/photo-gallery-pearlbells/vulnerability/wordpress-photo-gallery-responsive-plugin-4-0-csrf-to-privilege-escalation-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27291 – WordPress Photo Gallery – Image Gallery Plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-27291
21 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxgallery WordPress Photo Gallery – Image Gallery allows Reflected XSS. This issue affects WordPress Photo Gallery – Image Gallery: from n/a through 2.0.4. The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate... • https://patchstack.com/database/wordpress/plugin/photo-image-gallery/vulnerability/wordpress-photo-gallery-image-gallery-plugin-2-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24707 – WordPress Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin <= 2.7.7.24 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24707
31 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3 Photo Gallery Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery allows Reflected XSS. This issue affects Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery: from n/a through 2.7.7.24. The Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.7.7.24 due to insufficient input s... • https://patchstack.com/database/wordpress/plugin/gt3-photo-video-gallery/vulnerability/wordpress-photo-gallery-gt3-image-gallery-gutenberg-block-gallery-plugin-2-7-7-24-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24697 – WordPress Image Gallery – Responsive Photo Gallery plugin <= 1.0.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-24697
30 Jan 2025 — Missing Authorization vulnerability in Realwebcare Image Gallery – Responsive Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Gallery – Responsive Photo Gallery: from n/a through 1.0.5. The Awesome Responsive Photo Gallery – Image & Video Lightbox Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticate... • https://patchstack.com/database/wordpress/plugin/awesome-responsive-photo-gallery/vulnerability/wordpress-image-gallery-responsive-photo-gallery-plugin-1-0-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23597 – WordPress Rio Photo Gallery plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23597
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riosis Private Limited Rio Photo Gallery allows Reflected XSS. This issue affects Rio Photo Gallery: from n/a through 0.1. The Rio Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that... • https://patchstack.com/database/wordpress/plugin/rio-photo-gallery/vulnerability/wordpress-rio-photo-gallery-plugin-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49325 – WordPress Photo Gallery Builder plugin <= 3.0 - Broken Access Control to Notice Dismissal vulnerability
https://notcve.org/view.php?id=CVE-2024-49325
17 Oct 2024 — Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions. The Photo Gallery Builder plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to invoke this function intended for users with higher level of privilege. • https://patchstack.com/database/vulnerability/photo-gallery-builder/wordpress-photo-gallery-builder-plugin-3-0-broken-access-control-to-notice-dismissal-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44043 – WordPress Photo Gallery by 10Web plugin <= 1.8.27 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-44043
23 Sep 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.27. The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above,... • https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-mobile-friendly-image-gallery-plugin-1-8-27-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37442 – WordPress Photo Gallery by Ays – Responsive Image Gallery plugin < 5.7.1 - HTML Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-37442
28 Jun 2024 — Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection.This issue affects Photo Gallery by Ays: from n/a before 5.7.1. La neutralización incorrecta de elementos especiales en la salida utilizada por una vulnerabilidad de componente posterior ('inyección') en Photo Gallery Team Photo Gallery by Ays permite la inyección de código. Este problema afecta a Photo Gallery by Ays: desde n/a ant... • https://patchstack.com/database/vulnerability/gallery-photo-gallery/wordpress-photo-gallery-by-ays-responsive-image-gallery-plugin-5-7-1-html-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •