Realmag777 Inpost Gallery vulnerabilities
4 known vulnerabilities affecting realmag777/inpost_gallery.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-39574P2CRITICALCVSS 9.3≥ n/a, ≤ 2.1.4.62026-06-16
CVE-2026-39574 [CRITICAL] CWE-89 CVE-2026-39574: Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
nvd
CVE-2025-57889P3HIGHCVSS 7.5≤ 2.1.4.52025-09-05
CVE-2025-57889 [HIGH] CWE-98 CVE-2025-57889: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 InPost Gallery inpost-gallery allows PHP Local File Inclusion.This issue affects InPost Gallery: from n/a through <= 2.1.4.5.
nvd
CVE-2024-11002P3MEDIUMCVSS 6.3≤ 2.1.4.22024-11-26
CVE-2024-11002 [MEDIUM] CWE-94 CVE-2024-11002: The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the i
The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible
nvd
CVE-2025-26903P4MEDIUMCVSS 4.3≤ 2.1.4.32025-04-15
CVE-2025-26903 [MEDIUM] CWE-352 CVE-2025-26903: Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery inpost-gallery allows C
Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery.This issue affects InPost Gallery: from n/a through <= 2.1.4.3.
nvd