CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47521 – WordPress Robo Gallery <= 5.0.2 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-47521
07 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery allows Stored XSS. This issue affects Robo Gallery: from n/a through 5.0.2. The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in... • https://patchstack.com/database/wordpress/plugin/robo-gallery/vulnerability/wordpress-robo-gallery-5-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49696 – WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.21 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49696
21 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RoboSoft Robo Gallery allows Stored XSS.This issue affects Robo Gallery: from n/a through 3.2.21. The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts i... • https://patchstack.com/database/vulnerability/robo-gallery/wordpress-photo-gallery-images-slider-in-rbs-image-gallery-plugin-3-2-21-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34382 – WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.18 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-34382
03 May 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.This issue affects Robo Gallery: from n/a through 3.2.18. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en RoboSoft Robo Gallery. Este problema afecta a Robo Gallery: desde n/a hasta 3.2.18. The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.18. This makes it po... • https://patchstack.com/database/vulnerability/robo-gallery/wordpress-photo-gallery-images-slider-in-rbs-image-gallery-plugin-3-2-18-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22295 – WordPress Robo Gallery Plugin <= 3.2.17 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-22295
17 Jan 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery allows Stored XSS.This issue affects Photo Gallery, Images, Slider in Rbs Image Gallery: from n/a through 3.2.17. La vulnerabilidad de neutralización incorrecta de la entrada durante de generación de páginas web ('Cross-site Scripting') en RoboSoft Photo Gallery, Images, Slider en Rbs Image Gallery permite XSS almacenado. Este problema afecta a Pho... • https://patchstack.com/database/vulnerability/robo-gallery/wordpress-robo-gallery-plugin-3-2-17-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3499 – Robo Gallery < 3.2.16 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-3499
15 Aug 2023 — The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) El plugin The Photo Gallery, Images, Slider in Rbs Image Gallery para WordPress antes de la versión 3.2.16 no sanitiza ni escapa alguno de sus ajustes, lo que podría permitir a los usuari... • https://wpscan.com/vulnerability/ea29413b-494e-410e-ae42-42f96284899c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27620 – WordPress Robo Gallery Plugin <= 3.2.12 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-27620
13 Mar 2023 — Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions. The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbit... • https://patchstack.com/database/vulnerability/robo-gallery/wordpress-robo-gallery-plugin-3-2-12-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45804 – WordPress Robo Gallery Plugin <= 3.2.9 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-45804
02 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & activate. The Robo Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.9. This is due to missing or incorrect nonce validation on the getPluginStatus function. This makes it possible for unauthenticated attackers to activate plugins via a forged request gran... • https://patchstack.com/database/vulnerability/robo-gallery/wordpress-photo-gallery-images-slider-in-rbs-image-gallery-plugin-3-2-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45841 – WordPress Robo Gallery plugin <= 3.2.9 - Auth. Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2022-45841
12 Dec 2022 — Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robo Gallery: from n/a through 3.2.9. The Robo Gallery plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 3.2.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create articles, list posts, activate and deact... • https://patchstack.com/database/wordpress/plugin/robo-gallery/vulnerability/wordpress-robo-gallery-plugin-3-2-9-auth-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •