Pluginus Inpost Gallery vulnerabilities
3 known vulnerabilities affecting pluginus/inpost_gallery.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, MEDIUM 2
Vulnerabilities
CVE-2022-4063 | P1 | CRITICAL | CVSS 9.8 | CWE-22 | Exploited | PoC | fixed in 2.1.4.1 | 2022-12-19
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.
nvd
CVE-2024-11002 | P3 | MEDIUM | CVSS 6.3 | CWE-94 | fixed in 2.1.4.3 | 2024-11-26
The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible
nvd
CVE-2023-28666 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 2.1.4.1 | 2023-03-22
The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user.
nvd