Vulnerabilities and security research for grand-media
Jun 07, 2024
Gmedia Photo Gallery # CVE-2022-0873
- CVE, Research URL
- Home page URL
- Application
- Date
- May 16, 2022
- Research Description
- The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
- Affected versions
- max 1.2.2.
- Status
- vulnerable
Jun 10, 2024
Gmedia Photo Gallery # CVE-2015-4339
- CVE, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- The Gmedia Photo Gallery plugin for WordPress is vulnerable to Open Proxy attacks in versions up to, and including, 1.6.4. This is due to the inclusion of a script intended to load images from a URL that doesn't end in an image file extension. This makes it possible for unauthenticated attackers to proxy through the server and perform anonymized attacks on other servers.
- Affected versions
- max 1.6.5.
- Status
- vulnerable
Jul 03, 2025
Gmedia Photo Gallery # CVE-2025-53257
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 27, 2025
- Research Description
- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Serhii Pasyuk Gmedia Photo Gallery allows PHP Local File Inclusion. This issue affects Gmedia Photo Gallery: from n/a through 1.23.0.
- Affected versions
- max 1.23.0.
- Status
- vulnerable
Jan 10, 2026
Gmedia Photo Gallery # CVE-2025-63014
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 31, 2025
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Serhii Pasyuk Gmedia Photo Gallery allows Cross Site Request Forgery. This issue affects Gmedia Photo Gallery: from n/a through 1.24.1.
- Affected versions
- max 1.24.1.
- Status
- vulnerable