Vulnerabilities and security researches forrobo-gallery robo-gallery

Direction: ascending

Jun 07, 2024

Photo Gallery, Images, Slider in Rbs Image Gallery # a1eced1fadfdb63a7f0b8f62ce232ed308411483

CVE, Research URL: a1eced1fadfdb63a7f0b8f62ce232ed308411483
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: Apr 12, 2017
Research Description: Photo Gallery, Images, Slider in Rbs Image Gallery [robo-gallery] < 2.0.15 (closed) WordPress Robo Gallery plugin <= 2.0.15 - Privilege Escalation Vulnerability WordPress Robo Gallery plugin Privilege Escalation Vulnerability exists in 2.0.15 version. It doesn't check if the current user is administrator so any logged in user can reset allery’s view count. Update the plugin.
Affected versions: Min -, max -.
Status: vulnerable

Photo Gallery, Images, Slider in Rbs Image Gallery # CVE-2023-27620

CVE, Research URL: CVE-2023-27620
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: Apr 07, 2023
Research Description: Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions.
Affected versions: Min -, max -.
Status: vulnerable

Photo Gallery, Images, Slider in Rbs Image Gallery # CVE-2023-24414

CVE, Research URL: CVE-2023-24414
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: May 21, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions.
Affected versions: Min -, max -.
Status: vulnerable

Photo Gallery, Images, Slider in Rbs Image Gallery # CVE-2022-45804

CVE, Research URL: CVE-2022-45804
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: Mar 01, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & activate.
Affected versions: Min -, max -.
Status: vulnerable

Photo Gallery, Images, Slider in Rbs Image Gallery # CVE-2024-22295

CVE, Research URL: CVE-2024-22295
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: Jan 31, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery allows Stored XSS.This issue affects Photo Gallery, Images, Slider in Rbs Image Gallery: from n/a through 3.2.17.
Affected versions: Min -, max -.
Status: vulnerable

Photo Gallery, Images, Slider in Rbs Image Gallery # CVE-2024-34382

CVE, Research URL: CVE-2024-34382
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: May 06, 2024
Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.This issue affects Robo Gallery: from n/a through 3.2.18.
Affected versions: Min -, max -.
Status: vulnerable

Photo Gallery, Images, Slider in Rbs Image Gallery # CVE-2023-3499

CVE, Research URL: CVE-2023-3499
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: Sep 04, 2023
Research Description: The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

Photo Gallery, Images, Slider in Rbs Image Gallery # CVE-2022-45841

CVE, Research URL: CVE-2022-45841
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robo Gallery: from n/a through 3.2.9.
Affected versions: Min -, max -.
Status: vulnerable

Jun 20, 2024

Photo Gallery, Images, Slider in Rbs Image Gallery # CVE-2024-3894

CVE, Research URL: CVE-2024-3894
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: Jun 19, 2024
Research Description: The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an Image Title in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Photo Gallery, Images, Slider in Rbs Image Gallery # CVE-2024-5343

CVE, Research URL: CVE-2024-5343
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: Jun 19, 2024
Research Description: The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. This makes it possible for unauthenticated attackers to create new posts and reset gallery view counts via a forged request granted they can trick a Contributor+ level user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Jul 25, 2024

Photo Gallery, Images, Slider in Rbs Image Gallery # CVE-2024-3896

CVE, Research URL: CVE-2024-3896
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: Jul 24, 2024
Research Description: The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the Gallery title field in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Oct 09, 2024

Photo Gallery, Images, Slider in Rbs Image Gallery # CVE-2024-8431

CVE, Research URL: CVE-2024-8431
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: Oct 08, 2024
Research Description: The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve private post titles.
Affected versions: Min -, max -.
Status: vulnerable

Oct 24, 2024

Photo Gallery, Images, Slider in Rbs Image Gallery # CVE-2024-49696

CVE, Research URL: CVE-2024-49696
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: Oct 24, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RoboSoft Robo Gallery allows Stored XSS.This issue affects Robo Gallery: from n/a through 3.2.21.
Affected versions: Min -, max -.
Status: vulnerable

Jan 08, 2025

Photo Gallery, Images, Slider in Rbs Image Gallery # CVE-2024-10102

CVE, Research URL: CVE-2024-10102
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: Jan 07, 2025
Research Description: The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
Affected versions: Min -, max -.
Status: vulnerable

May 09, 2025

Photo Gallery, Images, Slider in Rbs Image Gallery # CVE-2025-47521

CVE, Research URL: CVE-2025-47521
Home page URL: Security reports for Photo Gallery, Images, Slider in Rbs Image Gallery
Application: Photo Gallery, Images, Slider in Rbs Image Gallery
Date: May 07, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery allows Stored XSS. This issue affects Robo Gallery: from n/a through 5.0.2.
Affected versions: Min -, max -.
Status: vulnerable