GCVE - cpe:2.3:a:realmag777:inpost_gallery:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:realmag777:inpost_gallery:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Realmag777 (`367987aa-9884-5ea5-b6ea-639a360f4171`)
Product	Inpost Gallery (`d8a6617a-7111-5f0a-9779-1be3dd32bc08`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-57889`	vulnerable	2026-06-03 15:05:00.231579	WordPress InPost Gallery Plugin <= 2.1.4.5 - Local File Inclusion Vulnerability HIGH (7.5) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 InPost Gallery inpost-gallery allows PHP Local File Inclusion.This issue affects InPost Gallery: from n/a through <= 2.1.4.5. Published: 2025-09-05T16:15:38.723Z Updated: 2026-05-13T00:11:41.122Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/inpost-gallery/vulnerability/wordpress-inpost-gallery-plugin-2-1-4-5-local-file-inclusion-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-26903`	vulnerable	2026-06-03 15:00:08.679848	WordPress InPost Gallery plugin <= 2.1.4.3 - Cross Site Request Forgery (CSRF) vulnerability MEDIUM (4.3) Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery.This issue affects InPost Gallery: from n/a through <= 2.1.4.3. Published: 2025-04-15T21:53:11.417Z Updated: 2026-04-28T16:11:43.824Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/inpost-gallery/vulnerability/wordpress-inpost-gallery-plugin-2-1-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11002`	vulnerable	2026-06-03 14:54:13.132417	InPost Gallery <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template MEDIUM (6.3) The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. Published: 2024-11-26T06:43:44.633Z Updated: 2026-04-08T16:56:26.527Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/5fbb2dcf-38b8-4ef1-bfea-bf5872cc7e37?source=cve https://plugins.trac.wordpress.org/browser/inpost-gallery/trunk/index.php#L323 https://wordpress.org/plugins/inpost-gallery/#developers https://plugins.trac.wordpress.org/changeset/3192113/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.