Vulnerabilities and security researches foreasy-media-gallery easy-media-gallery

Apr 03, 2025

CVE, Research URL: CVE-2025-31586
Home page URL: Security reports for Gallery – Photo Albums Plugin
Application: Gallery – Photo Albums Plugin
Date: Mar 31, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery – Photo Albums Plugin allows Stored XSS. This issue affects Gallery – Photo Albums Plugin: from n/a through 1.3.170.
Affected versions: max 1.3.170.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2015-7386
Home page URL: Security reports for Gallery – Photo Albums Plugin
Application: Gallery – Photo Albums Plugin
Date: Sep 28, 2015
Research Description: Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Media Subtitle fields.
Affected versions: max 1.3.03.
Status: vulnerable