Enviragallery Envira Gallery — known CVE vulnerabilities
Every CVE whose affected-product data names Enviragallery Envira Gallery, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2022-2190 — CVSS 6.1 (medium): The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in…
CVE-2020-35582 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML…
CVE-2020-9334 — CVSS 5.4 (medium): A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this…
CVE-2021-24126 — CVSS 5.4 (medium): Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly…
CVE-2020-35581 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML…
CVE-2024-3899 — CVSS 4.8 (medium): The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow…
CVE-2023-6742 — CVSS 4.3 (medium): The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an…