cleantalk
Vulnerabilities and Security Researches

Gallery Plugin for WordPress – Envira Photo Gallery, CVE-2021-24126

CVE, Research URL

CVE-2021-24126

Home page URL

Security reports for Gallery Plugin for WordPress – Envira Photo Gallery

Application

Gallery Plugin for WordPress – Envira Photo Gallery

Published on
Mar 18, 2021
Research Description
Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation.
Affected versions
max 1.8.3.3.
Status
vulnerable
Previous vulnerability researches
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2025-12377) , Dec 10, 2025
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2025-11448) , Dec 10, 2025
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2024-37095) , Jun 24, 2024
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2024-43925) , Aug 29, 2024
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2024-5020) , Dec 05, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025