Vulnerabilities > Enviragallery

DATE | CVE | VULNERABILITY TITLE | RISK

2024-11-01 | CVE-2024-43925 | Missing Authorization vulnerability in Enviragallery Envira Gallery | 8.8
Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envira Photo Gallery: from n/a through 1.8.14.
network, low complexity, enviragallery, CWE-862

2024-09-11 | CVE-2024-3899 | Cross-site Scripting vulnerability in Enviragallery Envira Gallery | 4.8
The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform Cross-Site Scripting attacks.
network, low complexity, enviragallery, CWE-79

2024-01-11 | CVE-2023-6742 | Improper Check for Unusual or Exceptional Conditions vulnerability in Enviragallery Envira Gallery | 4.3
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1.
network, low complexity, enviragallery, CWE-754

2022-10-31 | CVE-2022-2190 | Cross-site Scripting vulnerability in Enviragallery Envira Gallery | 6.1
The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
network, low complexity, enviragallery, CWE-79

2021-03-18 | CVE-2021-24126 | Cross-site Scripting vulnerability in Enviragallery Envira Gallery | 3.5
Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation.

2021-01-15 | CVE-2020-35582 | Cross-site Scripting vulnerability in Enviragallery Envira Gallery | 3.5
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.

2021-01-15 | CVE-2020-35581 | Cross-site Scripting vulnerability in Enviragallery Envira Gallery | 3.5
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter.

2020-02-25 | CVE-2020-9334 | Cross-site Scripting vulnerability in Enviragallery Envira Gallery | 5.4
A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress.
network, low complexity, enviragallery, CWE-79