Known Vulnerabilities for Envira Gallery by Enviragallery
Listed below are 6 of the newest known vulnerabilities associated with "Envira Gallery" by "Enviragallery".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-54190 json | Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions. | Not Provided | 2026-06-16 | 2026-06-16 |
| CVE-2026-5361 json | The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to ... | Not Provided | 2026-05-14 | 2026-05-14 |
| CVE-2026-1236 json | The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justified_gallery... | Not Provided | 2026-03-04 | 2026-04-08 |
| CVE-2023-6742 json | The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of ... | Not Provided | 2024-01-11 | 2026-04-08 |
| CVE-2022-2190 json | The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputtin... | 6.1 - MEDIUM | 2022-10-31 | 2022-11-01 |
| CVE-2021-24126 json | Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not p... | 5.4 - MEDIUM | 2021-03-18 | 2021-03-24 |
| CVE-2020-35582 json | A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary J... | 5.4 - MEDIUM | 2021-01-15 | 2021-01-15 |
| CVE-2020-35581 json | A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary J... | 5.4 - MEDIUM | 2021-01-15 | 2021-01-15 |
| CVE-2020-9334 json | A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of ... | 5.4 - MEDIUM | 2020-02-25 | 2023-05-23 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Enviragallery | Envira Gallery | 1.8.3.4 | |||
| Application | Enviragallery | Envira Gallery | 1.8.3.3 | |||
| Application | Enviragallery | Envira Gallery | 1.8.3.2 | |||
| Application | Enviragallery | Envira Gallery | 1.8.3.1 | |||
| Application | Enviragallery | Envira Gallery | 1.8.3 | |||
| Application | Enviragallery | Envira Gallery | 1.8.2 | |||
| Application | Enviragallery | Envira Gallery | 1.8.1 | |||
| Application | Enviragallery | Envira Gallery | 1.8.0.3 | |||
| Application | Enviragallery | Envira Gallery | 1.8.0.2 | |||
| Application | Enviragallery | Envira Gallery | 1.8.0.1 | |||
| Application | Enviragallery | Envira Gallery | 1.8.0 | |||
| Application | Enviragallery | Envira Gallery | 1.75 | |||
| Application | Enviragallery | Envira Gallery | 1.7.9.0 | |||
| Application | Enviragallery | Envira Gallery | 1.7.8.9 | |||
| Application | Enviragallery | Envira Gallery | 1.7.8.8 | |||
| Application | Enviragallery | Envira Gallery | 1.7.8.7 | |||
| Application | Enviragallery | Envira Gallery | 1.7.8.6 | |||
| Application | Enviragallery | Envira Gallery | 1.7.8.5 | |||
| Application | Enviragallery | Envira Gallery | 1.7.8.4 | |||
| Application | Enviragallery | Envira Gallery | 1.7.8.2 |