Pluginus Inpost Gallery — known CVE vulnerabilities
Every CVE whose affected-product data names Pluginus Inpost Gallery, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2022-4063 — CVSS 9.8 (critical): The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers…
CVE-2024-11002 — CVSS 6.3 (medium): The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template…
CVE-2023-28666 — CVSS 5.4 (medium): The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl'…