cleantalk
Vulnerabilities and Security Researches

Picture Gallery – Frontend Image Uploads, AJAX Photo List, CVE-2021-47951

CVE, Research URL

CVE-2021-47951

Home page URL

Security reports for Picture Gallery – Frontend Image Uploads, AJAX Photo List

Application

Picture Gallery – Frontend Image Uploads, AJAX Photo List

Published on
May 10, 2026
Research Description
WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access Control settings. Attackers can enter JavaScript payloads in the plugin options that are stored in the database and executed when the functionality is triggered, enabling session hijacking or credential theft.
Affected versions
max 1.4.2.
Status
vulnerable
Previous vulnerability researches
Slider by Soliloquy – Responsive Image Slider for WordPress (d8276eb02654b7447accdf21d75754f13b40c842) , Jun 06, 2024
Slider by Soliloquy – Responsive Image Slider for WordPress (CVE-2021-47922) , May 12, 2026
Slider by Soliloquy – Responsive Image Slider for WordPress (CVE-2024-35775) , Aug 11, 2024
Slider by Soliloquy – Responsive Image Slider for WordPress (CVE-2023-51519) , Jun 10, 2024
New vulnerability
wpForo Forum (CVE-2026-40798) , May 12, 2026
Picture Gallery – Frontend Image Uploads, AJAX Photo List (CVE-2021-47951) , May 12, 2026
Amministrazione Aperta (CVE-2022-50956) , May 12, 2026
Slider by Soliloquy – Responsive Image Slider for WordPress (CVE-2021-47922) , May 12, 2026
Ultimate Product Catalog (CVE-2021-47924) , May 12, 2026