Gallery
This hub aggregates every CVE we track for Gallery, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
72
CVEs tracked
8
Critical
17
High
0
In CISA KEV
Severity distribution
MEDIUM46HIGH17CRITICAL8LOW1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Gallery.
- CVE-2026-57642WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability8.5
- CVE-2024-35750WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - SQL Injection vulnerability8.5
- CVE-2023-0765Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection8.8
- CVE-2023-0764Gallery by BestWebSoft < 4.7.0 - Author+ Stored Cross-Site Scripting5.4
- CVE-2022-1946Gallery < 2.0.0 - Reflected Cross-Site Scripting6.1
- CVE-2021-25379Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.4.0
- CVE-2012-4919Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability9.8
- CVE-2019-1010123MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering ...7.5
- CVE-2017-2171Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form...6.1
- CVE-2016-1000113XSS and SQLi in huge IT gallery v1.1.5 for Joomla9.8
- CVE-2016-1000114XSS in huge IT gallery v1.1.5 for Joomla6.1
- CVE-2013-2087Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/mo...4.3
- CVE-2013-2138The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a rep...7.5
- CVE-2013-2240lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability...7.5
- CVE-2013-2241modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string i...5.0
Product normalization is registry-driven with AI assist and human review. How it works