cleantalk
Vulnerabilities and Security Researches

Gallery Plugin for WordPress – Envira Photo Gallery, CVE-2021-24126

CVE, Research URL

CVE-2021-24126

Home page URL

Security reports for Gallery Plugin for WordPress – Envira Photo Gallery

Application

Gallery Plugin for WordPress – Envira Photo Gallery

Published on
Mar 18, 2021
Research Description
Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation.
Affected versions
max 1.8.3.3.
Status
vulnerable
Previous vulnerability researches
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2025-12377) , Dec 10, 2025
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2025-11448) , Dec 10, 2025
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2024-37095) , Jun 24, 2024
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2024-43925) , Aug 29, 2024
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2024-5020) , Dec 05, 2024
New vulnerability
VI: Include Post By (CVE-2026-5717) , Apr 17, 2026
Responsive Accordion Slider (CVE-2026-0635) , Apr 17, 2026
Petje.af (CVE-2026-4002) , Apr 17, 2026
LinkedIn SC (CVE-2026-0812) , Apr 17, 2026
Coachific Shortcode (CVE-2026-4005) , Apr 17, 2026