Gallery Plugin for WordPress – Envira Photo Gallery

Information

Software Type Plugin
Software Slug envira-gallery-lite (view on wordpress.org)
Software Status Active
Software Author smub
Software Website enviragallery.com
Software Downloads 6,291,593
Software Active Installs 100,000
Software Record Last Updated December 22, 2024

8 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Patched CVE-2024-5020 6.4 Webbernaut December 3, 2024
Envira Photo Gallery <= 1.8.14 - Missing Authorization Patched CVE-2024-43925 4.3 Rafie Muhammad August 26, 2024
Gallery Plugin for WordPress – Envira Photo Gallery <= 1.8.14 - Authenticated (Author+) Stored Cross-Site Scripting Patched CVE-2024-3899 6.4 Dmitrii Ignatyev August 20, 2024
Envira Photo Gallery <= 1.8.7.3 - Cross-Site Request Forgery to Notice Dismissal Patched CVE-2024-37095 4.3 Abdi Pranata June 20, 2024
Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images Patched CVE-2023-6742 4.3 Nex Team January 8, 2024
Gallery Plugin for WordPress – Envira Photo Gallery <= 1.8.4.6 - Reflected Cross-Site Scripting Patched CVE-2022-2190 6.1 ZhongFu Su October 10, 2022
Envira Gallery Lite <= 1.8.3.2 - Cross-Site Scripting Patched CVE-2021-24126 5.4 minhtuanact December 19, 2020
Envira Photo Gallery <= 1.7.6 - Authenticated Stored Cross-Site Scripting Patched CVE-2020-9334 6.4 Vishnupriya Ilango February 25, 2020

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation