cleantalk
Vulnerabilities and Security Researches

InPost Gallery, CVE-2022-4063

CVE, Research URL

CVE-2022-4063

Home page URL

Security reports for InPost Gallery

Application

InPost Gallery

Published on
Dec 19, 2022
Research Description
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.
Affected versions
Min -, max 2.1.2.1.
Status
vulnerable
Previous vulnerability researches
InPost Gallery (CVE-2024-11002) , Nov 26, 2024
InPost Gallery (5f87d0dea32454e20b92b31e958259617992907a) , Jun 07, 2024
InPost Gallery (CVE-2023-28666) , Jun 07, 2024
InPost Gallery (CVE-2022-4063) , Jun 07, 2024
InPost Gallery (CVE-2025-26903) , Apr 15, 2025
New vulnerability
Hotel Booking (CVE-2025-39526) , Apr 19, 2025
TableOn – WordPress Posts Table Filterable  (CVE-2025-32592) , Apr 19, 2025
WP Social Bookmarking (CVE-2025-39422) , Apr 19, 2025
Anthologize (CVE-2025-39437) , Apr 19, 2025
Piotnet Addons For Elementor (CVE-2024-13650) , Apr 19, 2025