Vulnerabilities and security research for wp-easy-gallery
Jun 07, 2024
WP Easy Gallery – WordPress Gallery Plugin # ab07689cea09dc1b31a6168441b576a38459ecee
- CVE, Research URL
- Application
- Date
- Jan 26, 2016
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 2.7.3 (closed) WordPress WP Easy Gallery Plugin <= 2.7 - Cross Site Request Forgery This plugin is prone to a cross site request forgery vulnerability. Upgrade this plugin.
- Affected versions
- max 2.7.3.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # CVE-2013-6837
- CVE, Research URL
- Application
- Date
- Dec 19, 2013
- Research Description
- Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INFO to the default URI.
- Affected versions
- max 4.1.1.
- Status
- vulnerable
Sep 25, 2024
WP Easy Gallery – WordPress Gallery Plugin # CVE-2024-8436
- CVE, Research URL
- Application
- Date
- Sep 25, 2024
- Research Description
- The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'edit_imageId' and 'edit_imageDelete' parameters in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions
- max 4.8.5.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # CVE-2024-8437
- CVE, Research URL
- Application
- Date
- Sep 25, 2024
- Research Description
- The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify galleries.
- Affected versions
- max 4.8.5.
- Status
- vulnerable
Oct 01, 2024
WP Easy Gallery – WordPress Gallery Plugin # CVE-2024-9018
- CVE, Research URL
- Application
- Date
- Oct 01, 2024
- Research Description
- The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions
- max 4.8.5.
- Status
- vulnerable
Jun 16, 2026
WP Easy Gallery – WordPress Gallery Plugin # 399e63cace9d6fec4329f368506106982df2626a
- CVE, Research URL
- Application
- Date
- May 14, 2015
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 4.1.1 (closed) WordPress WP Easy Gallery Plugin <= 4.1.0 - XSS Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Update the plugin.
- Affected versions
- max 4.1.1.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # b391f49e972c5077c63806ef3e1d146b58abe0de
- CVE, Research URL
- Application
- Date
- Aug 01, 2014
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 1.8 (closed) WP Easy Gallery <= 1.7 - Cross-Site Scripting The WP Easy Gallery plugin for WordPress is vulnerable to Cross-Site Scripting via the 'select_gallery' and 'galleryId' parameters in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
- Affected versions
- max 1.8.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # 28d6fa8e1d23b2838df0ad6bd50588ad2704d04b
- CVE, Research URL
- Application
- Date
- Jan 26, 2016
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 4.1.5 (closed) WordPress WP Easy Gallery Plugin <= 4.1.4 - Reflected XSS Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Update plugin.
- Affected versions
- max 4.1.5.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # dfd6073e9cb1a83bb2e78c40fb73b756268e128c
- CVE, Research URL
- Application
- Date
- Jan 26, 2016
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 2.7.3 (closed) WordPress WP Easy Gallery Plugin <= 1.7 - Cross Site Scripting Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Update plugin.
- Affected versions
- max 2.7.3.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # f55605a14004ca6c080eceedd992e8adb89d1740
- CVE, Research URL
- Application
- Date
- May 15, 2015
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 2.7.1 (closed) WordPress WP Easy Gallery Plugin <= 2.7 - SQL Injection This plugin is prone to SQL injection via admin/overview.php galleryId parameter and admin/add-images.php multiple parameter. Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands. Update the plugin.
- Affected versions
- max 2.7.1.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # 8b2500493153f2af740d2c17daa0e9e6378e2634
- CVE, Research URL
- Application
- Date
- Jan 26, 2016
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 4.1.5 (closed) WP Easy Gallery <= 4.1.4 - Stored Cross-Site Scripting The WP Easy Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_style’ parameter in versions before 4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute whenever a victim accesses the injected page.
- Affected versions
- max 4.1.5.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # ab594533baaa27f6a7256975f5732c6a017c0199
- CVE, Research URL
- Application
- Date
- Aug 01, 2014
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 2.7.1 (closed) WP Easy Gallery <= 2.7 - Cross-Site Request Forgery The WP Easy Gallery for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
- max 2.7.1.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # e0c5f2482ad1ce5df242acb8fafefe9e7a978755
- CVE, Research URL
- Application
- Date
- May 15, 2015
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 2.7.1 (closed) WordPress WP Easy Gallery Plugin <= 2.7 - Multiple Cross Site Request Forgery This plugin is prone to multiple admin function cross site request forgery vulnerability. Update plugin.
- Affected versions
- max 2.7.1.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # 276d08ca-1d76-4813-8a1e-4881fa676cbd
- CVE, Research URL
- Application
- Date
- -
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 4.1.5 (closed) WP Easy Gallery <= 4.1.4 - Reflected Cross-Site Scripting (XSS) The WP Easy Gallery – WordPress Gallery Plugin WordPress plugin was affected by a Reflected Cross-Site Scripting (XSS) security vulnerability.
- Affected versions
- max 4.1.5.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # e7306bd4-5a82-4122-aafc-a2a27b8e51c9
- CVE, Research URL
- Application
- Date
- -
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 2.7.3 (closed) WP Easy Gallery <= 2.7 - Cross-Site Request Forgery (CSRF) The WP Easy Gallery – WordPress Gallery Plugin WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.
- Affected versions
- max 2.7.3.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # eb793465-730d-43f7-a81e-2acc62e072be
- CVE, Research URL
- Application
- Date
- -
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 2.7.1 (closed) WP Easy Gallery 2.7 - admin/add-images.php Multiple Parameter SQL Injection The WP Easy Gallery – WordPress Gallery Plugin WordPress plugin was affected by an admin/add-images.php Multiple Parameter SQL Injection security vulnerability.
- Affected versions
- max 2.7.1.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # 7ebbe5cd-0605-4294-a0cc-91e19ce13792
- CVE, Research URL
- Application
- Date
- -
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 2.7.1 (closed) WP Easy Gallery 2.7 - Multiple Admin Function CSRF The WP Easy Gallery – WordPress Gallery Plugin WordPress plugin was affected by a Multiple Admin Function CSRF security vulnerability.
- Affected versions
- max 2.7.1.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # 68da7f49c254e264f98b2f4bad4d6f66452dde08
- CVE, Research URL
- Application
- Date
- Aug 01, 2014
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 2.7.1 (closed) WP Easy Gallery <= 2.7 - SQL Injection The WP Easy Gallery plugin for WordPress is vulnerable to generic SQL Injection via the 'galleryId' or 'select_gallery' parameters found in the ‘admin/add-images.php’ file in versions up to, and including, 2.7 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated admin+ attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions
- max 2.7.1.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # dae819ed2526367f3bf5f0fd748dae289bb97b31
- CVE, Research URL
- Application
- Date
- Aug 01, 2014
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 2.7.1 (closed) WP Easy Gallery <= 2.7 - SQL Injection The WP Easy Gallery plugin for WordPress is vulnerable to generic SQL Injection via the 'galleryId' parameter in the 'admin/overview.php' file in versions up to, and including, 2.7 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated Admin+ attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions
- max 2.7.1.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # 578e9c75aa771ef9002fc14ddc07eb2825d68687
- CVE, Research URL
- Application
- Date
- Feb 18, 2013
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 2.7.1 (closed) WP Easy Gallery <= 2.7 - SQL Injection The WP Easy Gallery plugin for WordPress is vulnerable to generic SQL Injection via the 'galleryId' or 'select_gallery' parameters found in the ‘admin/edit-gallery.php’ file in versions up to, and including, 2.7 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated admin+ attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
- Affected versions
- max 2.7.1.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # dea14b66-400f-429a-a06e-42c1183f978e
- CVE, Research URL
- Application
- Date
- -
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 2.7.3 (closed) WP Easy Gallery <= 1.7 - Cross-Site Scripting (XSS) The WP Easy Gallery – WordPress Gallery Plugin WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.
- Affected versions
- max 2.7.3.
- Status
- vulnerable
WP Easy Gallery – WordPress Gallery Plugin # 7907a46e-61ef-4bd8-9598-c0f8f78c0aab
- CVE, Research URL
- Application
- Date
- -
- Research Description
- WP Easy Gallery – WordPress Gallery Plugin [wp-easy-gallery] < 2.7.1 (closed) WP Easy Gallery 2.7 - admin/overview.php galleryId Parameter SQL Injection The WP Easy Gallery – WordPress Gallery Plugin WordPress plugin was affected by an admin/overview.php galleryId Parameter SQL Injection security vulnerability.
- Affected versions
- max 2.7.1.
- Status
- vulnerable