Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More
cpe:2.3:a:smub:envira_gallery_–_image_photo_gallery,_albums,_video_gallery,_slideshows_&_more:*:*:*:*:*:*:*:*
| Field | Value |
|---|---|
| Part | a (application) |
| Vendor | Smub (de95b648-5e6e-5830-888e-6dff235e28e3) |
| Product | Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More (423cadbf-5e66-54f8-a7bd-db0da4af7c01) |
| Version | * |
| Update | * |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
CVE-2026-5361
| Field | Value |
|---|---|
| cpeApplicability | vulnerable |
| Submitted | 2026-06-03 15:26:27.062827 |
| Title | Envira Gallery <= 1.12.4 - Authenticated (Author+) Stored Cross-Site Scripting via 'arrows' Parameter |
| Severity | MEDIUM (6.4) |
| Published | 2026-05-14T03:27:15.137Z |
| Updated | 2026-05-14T10:47:27.431Z |
| Rationale | Imported from gcve-enriched-dumps CVE data |
The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. The cause is insufficient input sanitization in the update_gallery_data() function combined with improper output escaping in the gallery_init() function: sanitize_config_values() sanitizes only the justified_gallery_theme and justified_row_height parameters and leaves the arrows parameter untouched, and when the arrows value is written into the inline JavaScript configuration it is passed through esc_attr(), an escaper designed for HTML attribute contexts rather than JavaScript contexts, so a JavaScript expression survives into the script unchanged. This makes it possible for authenticated attackers with Author-level access and above to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.
CVE-2026-1236
| Field | Value |
|---|---|
| cpeApplicability | vulnerable |
| Submitted | 2026-06-03 15:14:43.976353 |
| Title | Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API |
| Severity | MEDIUM (6.4) |
| Published | 2026-03-04T08:23:56.092Z |
| Updated | 2026-04-08T17:18:43.927Z |
| Rationale | Imported from gcve-enriched-dumps CVE data |
The Envira Gallery for WordPress plugin is vulnerable to Stored Cross-Site Scripting via the 'justified_gallery_theme' parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Author-level access and above to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.
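The two Stored XSS entries above (CVE-2026-5361 and CVE-2026-1236) describe the same pair of mistakes: a per-key sanitizer that misses a key, and an HTML-attribute escaper applied to a value spliced into inline JavaScript. The PHP below is an added illustration, not Envira Gallery's code: the function names, the three-key option set, the theme allowlist and the shape of the emitted config object are assumptions, and the shims at the top approximate the WordPress functions so the file runs under plain php-cli. It puts the vulnerable output pattern beside a hardened one.

```php
<?php
// Added example (hypothetical, not Envira Gallery's code). Shows why esc_attr()
// is the wrong escaper for a value emitted inside <script>, and what a
// context-correct, type-enforcing alternative looks like.

// Minimal shims so this file runs under php-cli outside WordPress. They
// approximate the real functions; inside WordPress the real ones are used.
if ( ! function_exists( 'esc_attr' ) ) {
	function esc_attr( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
	}
	function wp_json_encode( $data ) {
		// json_encode() escapes "/" as "\/", so an encoded "</script>" cannot close the tag.
		return json_encode( $data );
	}
	function absint( $value ) {
		return abs( (int) $value );
	}
	function rest_sanitize_boolean( $value ) {
		if ( is_string( $value ) && in_array( strtolower( $value ), array( 'false', '0' ), true ) ) {
			return false;
		}
		return (bool) $value;
	}
}

// Hypothetical allowlist; a real plugin would derive it from the themes it ships.
const EXAMPLE_ALLOWED_THEMES = array( 'normal', 'dark' );

// --- Vulnerable pattern ---------------------------------------------------
// Two of the three keys are sanitized; 'arrows' passes through untouched.
function vuln_sanitize_config_values( array $input ) {
	$input['justified_gallery_theme'] = isset( $input['justified_gallery_theme'] )
		? preg_replace( '/[^a-z0-9_-]/', '', strtolower( $input['justified_gallery_theme'] ) )
		: 'normal';
	$input['justified_row_height'] = isset( $input['justified_row_height'] )
		? absint( $input['justified_row_height'] )
		: 150;
	return $input; // 'arrows' is whatever the REST request sent
}

// esc_attr() turns < > & " ' into entities. A payload that needs none of them,
// such as alert(document.domain), survives intact, and because the value is
// emitted unquoted it is parsed as a JavaScript expression, not as data.
function vuln_render_gallery_init( array $config ) {
	$arrows = isset( $config['arrows'] ) ? $config['arrows'] : 1;
	return '<script>var galleryConfig = { arrows: ' . esc_attr( $arrows ) . ' };</script>';
}

// --- Hardened pattern -----------------------------------------------------
// Every key gets a sanitizer that enforces its type; unknown keys are dropped.
function safe_sanitize_config_values( array $input ) {
	$theme = isset( $input['justified_gallery_theme'] ) ? (string) $input['justified_gallery_theme'] : 'normal';
	return array(
		'justified_gallery_theme' => in_array( $theme, EXAMPLE_ALLOWED_THEMES, true ) ? $theme : 'normal',
		'justified_row_height'    => isset( $input['justified_row_height'] ) ? absint( $input['justified_row_height'] ) : 150,
		'arrows'                  => isset( $input['arrows'] ) ? rest_sanitize_boolean( $input['arrows'] ) : true,
	);
}

// Encode the whole object as JSON instead of splicing strings: each value is
// emitted as a JS literal of its own type, so nothing user-supplied becomes code.
function safe_render_gallery_init( array $config ) {
	$clean = safe_sanitize_config_values( $config );
	return '<script>var galleryConfig = ' . wp_json_encode( $clean ) . ';</script>';
}

// Constructed attacker input, as an Author-level user could send it over the REST API.
$payload = array(
	'arrows'                  => 'alert(document.domain)',
	'justified_gallery_theme' => 'normal',
	'justified_row_height'    => '150',
);

// The vulnerable path emits { arrows: alert(document.domain) }: the call runs for every visitor.
echo vuln_render_gallery_init( vuln_sanitize_config_values( $payload ) ), "\n";
// The hardened path emits {"justified_gallery_theme":"normal","justified_row_height":150,"arrows":true}.
echo safe_render_gallery_init( $payload ), "\n";
```

Run it with `php example.php` and compare the two `<script>` lines. The general rule it demonstrates: pick the escaper by output context, not by habit. esc_attr() belongs in HTML attribute values, esc_js() only in JavaScript that itself sits inside an HTML attribute (an onclick handler), and anything placed inside a `<script>` block should be produced by wp_json_encode() on an already type-checked value, never by string concatenation of escaped fragments.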
CVE-2025-12377
| Field | Value |
|---|---|
| cpeApplicability | vulnerable |
| Submitted | 2026-06-03 14:58:44.238397 |
| Title | Gallery Plugin for WordPress – Envira Photo Gallery <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions |
| Severity | MEDIUM (4.3) |
| Published | 2025-11-13T11:29:03.241Z |
| Updated | 2026-04-08T16:58:41.809Z |
| Rationale | Imported from gcve-enriched-dumps CVE data |
The Gallery Plugin for WordPress – Envira Photo Gallery plugin is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers with Author-level access and above to perform multiple actions, such as removing images from arbitrary galleries. The vulnerability was partially patched in version 1.12.0.
CVE-2025-11448
| Field | Value |
|---|---|
| cpeApplicability | vulnerable |
| Submitted | 2026-06-03 14:58:36.073906 |
| Title | Gallery Plugin for WordPress – Envira Photo Gallery <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery Conversion |
| Severity | MEDIUM (4.3) |
| Published | 2025-11-08T09:28:11.104Z |
| Updated | 2026-04-08T17:06:41.375Z |
| Rationale | Imported from gcve-enriched-dumps CVE data |
The Gallery Plugin for WordPress – Envira Photo Gallery plugin is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for authenticated attackers with Contributor-level access and above to convert galleries to Envira galleries.
CVE-2024-5020
| Field | Value |
|---|---|
| cpeApplicability | vulnerable |
| Submitted | 2026-06-03 14:57:51.486019 |
| Title | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library |
| Severity | MEDIUM (6.4) |
| Published | 2024-12-04T08:22:46.855Z |
| Updated | 2026-04-08T17:27:10.759Z |
| Rationale | Imported from gcve-enriched-dumps CVE data |
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via their bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various plugin versions due to insufficient input sanitization and output escaping of user-supplied attributes. This makes it possible for authenticated attackers with Contributor-level access and above to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.
CVE-2023-6742
| Field | Value |
|---|---|
| cpeApplicability | vulnerable |
| Submitted | 2026-06-03 14:53:58.850537 |
| Title | Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images |
| Severity | MEDIUM (4.3) |
| Published | 2024-01-11T08:32:32.827Z |
| Updated | 2026-04-08T16:48:22.789Z |
| Rationale | Imported from gcve-enriched-dumps CVE data |
The Gallery Plugin for WordPress – Envira Photo Gallery plugin is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers with Contributor-level access and above to modify galleries on other users' posts.
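The three missing-authorization entries (CVE-2025-12377, CVE-2025-11448 and CVE-2023-6742) share one root cause: a REST route or AJAX handler that checks, at most, that the caller is logged in or holds a primitive capability, rather than that they may edit the specific gallery they name. The PHP below is an added illustration, not the plugin's code: the namespace, route, post type name, meta key and nonce action are assumptions, and it is written to be read inside a WordPress plugin rather than run stand-alone. The vulnerable variants are defined but never hooked, so only the hardened route and handler are live.

```php
<?php
// Added example (hypothetical, not Envira Gallery's code). A REST route and an
// admin-ajax handler shown with the authorization gap and with the fix.
// Namespace, route, post type ('example_gallery'), meta key and nonce action
// are assumptions.

// --- Vulnerable patterns, kept as functions that are never hooked ---------
function vuln_register_routes() {
	// '__return_true' makes the route public to anyone who can reach /wp-json.
	// Omitting permission_callback is no better: since WordPress 5.5 that only
	// raises a _doing_it_wrong notice and the callback still runs.
	register_rest_route( 'example-gallery/v1', '/remove-image', array(
		'methods'             => WP_REST_Server::CREATABLE,
		'callback'            => 'example_remove_image',
		'permission_callback' => '__return_true',
	) );
}

// 'edit_posts' is a primitive capability held by Contributors and Authors; it
// says nothing about whether the caller may touch this particular post.
function vuln_can_edit_gallery( WP_REST_Request $request ) {
	return current_user_can( 'edit_posts' );
}

// --- Hardened: per-object capability check ---------------------------------
// 'edit_post' is a meta capability resolved against the given post: for another
// user's post it maps to 'edit_others_posts', which Author and Contributor lack.
function example_can_edit_gallery( WP_REST_Request $request ) {
	$gallery_id = (int) $request['gallery_id'];
	$post       = get_post( $gallery_id );
	if ( ! $post || 'example_gallery' !== $post->post_type ) {
		return new WP_Error( 'rest_not_found', 'Gallery not found.', array( 'status' => 404 ) );
	}
	if ( ! current_user_can( 'edit_post', $gallery_id ) ) {
		return new WP_Error(
			'rest_forbidden',
			'You are not allowed to edit this gallery.',
			array( 'status' => rest_authorization_required_code() ) // 401 if anonymous, 403 otherwise
		);
	}
	return true;
}

function example_remove_image( WP_REST_Request $request ) {
	$gallery_id = (int) $request['gallery_id'];
	$image_id   = (int) $request['image_id'];
	$images     = get_post_meta( $gallery_id, '_example_gallery_images', true );
	$images     = is_array( $images ) ? array_map( 'intval', $images ) : array();
	$images     = array_values( array_diff( $images, array( $image_id ) ) );
	update_post_meta( $gallery_id, '_example_gallery_images', $images );
	return rest_ensure_response( array( 'gallery_id' => $gallery_id, 'images' => $images ) );
}

add_action( 'rest_api_init', function () {
	register_rest_route( 'example-gallery/v1', '/remove-image', array(
		'methods'             => WP_REST_Server::CREATABLE,
		'callback'            => 'example_remove_image',
		'permission_callback' => 'example_can_edit_gallery',
		// Schema validation runs before the callback, so the IDs are integers by then.
		'args'                => array(
			'gallery_id' => array( 'required' => true, 'type' => 'integer', 'minimum' => 1 ),
			'image_id'   => array( 'required' => true, 'type' => 'integer', 'minimum' => 1 ),
		),
	) );
} );

// --- Hardened admin-ajax handler --------------------------------------------
// check_ajax_referer() is CSRF protection only; the capability check is what
// stops a Contributor from inserting images into someone else's gallery.
add_action( 'wp_ajax_example_insert_images', function () {
	check_ajax_referer( 'example-gallery-nonce', 'nonce' );
	$post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
	if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}
	$images = isset( $_POST['images'] ) ? array_map( 'absint', (array) $_POST['images'] ) : array();
	update_post_meta( $post_id, '_example_gallery_images', $images );
	wp_send_json_success( array( 'post_id' => $post_id, 'images' => $images ) );
} );
```

Two practical notes. A site-wide action with no single owning post, such as the bulk conversion endpoint in CVE-2025-11448, cannot be gated with `edit_post`; it needs an administrative capability (for example `manage_options`) in its permission_callback. And a permission_callback is invisible from the outside, but a GET on the namespace index (`/wp-json/example-gallery/v1` here) lists every registered route with its methods and args, which is the quickest way to enumerate what a plugin exposes; from there, exercise each route with a Contributor test account, a valid nonce and a gallery that account does not own, and expect a 403.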