Photo Gallery
Approved changes feed: RSS · Atom
cpe:2.3:a:ays-pro:photo_gallery:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Ays Pro (900df179-83e7-52e1-a062-7dd4345b4c1d) |
|---|---|
| Product | Photo Gallery (486eb5e4-7983-59d3-b45d-e77d7b555ace) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-37442 |
vulnerable | 2026-06-03 14:56:06.652920 |
WordPress Photo Gallery by Ays – Responsive Image Gallery plugin < 5.7.1 - HTML Injection vulnerability
LOW (3.8)
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection.This issue affects Photo Gallery by Ays: from n/a before 5.7.1.
Published: 2024-07-09T10:42:51.922Z
Updated: 2026-04-28T16:09:59.034Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39917 |
vulnerable | 2026-06-03 14:52:39.499210 |
WordPress Photo Gallery by Ays Plugin <= 5.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.
Published: 2023-10-03T11:14:28.631Z
Updated: 2026-04-28T16:08:34.786Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32107 |
vulnerable | 2026-06-03 14:51:57.574944 |
WordPress Photo Gallery by Ays Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)
HIGH (7.1)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions.
Published: 2023-08-18T14:00:03.124Z
Updated: 2026-04-28T16:08:21.549Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-2568 |
vulnerable | 2026-06-03 14:51:43.401287 |
Photo Gallery by Ays < 5.1.7 - Reflected XSS
The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Published: 2023-06-12T17:28:23.093Z
Updated: 2025-01-03T14:48:52.092Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24462 |
vulnerable | 2026-06-03 14:43:57.213036 |
Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections
The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
Published: 2021-08-02T10:32:08.000Z
Updated: 2024-08-03T19:35:18.686Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-10921 |
vulnerable | 2026-06-03 14:35:29.959507 |
Details available
The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.
Published: 2019-08-22T12:33:51.000Z
Updated: 2024-08-06T03:38:56.640Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.