Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2190 | 1 Enviragallery | 1 Envira Gallery | 2022-11-01 | N/A | 6.1 MEDIUM |
| The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | |||||
| CVE-2021-24126 | 1 Enviragallery | 1 Envira Gallery | 2021-03-24 | 3.5 LOW | 5.4 MEDIUM |
| Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation. | |||||
| CVE-2020-35581 | 1 Enviragallery | 1 Envira Gallery | 2021-01-15 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter. | |||||
| CVE-2020-35582 | 1 Enviragallery | 1 Envira Gallery | 2021-01-15 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter. | |||||