Vulnerabilities > Enviragallery

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-11	CVE-2023-6742	Improper Check for Unusual or Exceptional Conditions vulnerability in Enviragallery Envira Gallery The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. network low complexity enviragallery CWE-754	4.3
2022-10-31	CVE-2022-2190	Cross-site Scripting vulnerability in Enviragallery Envira Gallery The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers network low complexity enviragallery CWE-79	6.1
2021-03-18	CVE-2021-24126	Cross-site Scripting vulnerability in Enviragallery Envira Gallery Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation. network enviragallery CWE-79	3.5
2021-01-15	CVE-2020-35582	Cross-site Scripting vulnerability in Enviragallery Envira Gallery A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter. network enviragallery CWE-79	3.5
2021-01-15	CVE-2020-35581	Cross-site Scripting vulnerability in Enviragallery Envira Gallery A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter. network enviragallery CWE-79	3.5
2020-02-25	CVE-2020-9334	Cross-site Scripting vulnerability in Enviragallery Envira Gallery A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. network low complexity enviragallery CWE-79	5.4

Vulnerabilities > Enviragallery {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Enviragallery"}]}

Vulnerabilities > Enviragallery