← Back

Origincode

origincode

2 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Video Gallery
video_gallery
Photo Contest
photo-contest

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Origincode
1Photo Contest
Jun 17, 2026
Jul 1, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the load_image...Show more
The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the load_images_thumbnail() and edit_gallery() functions. This makes it possible for unauthenticated attackers to edit galleries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
1Origincode
1Video Gallery
Jun 17, 2026
Oct 25, 2021
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
The Video Gallery WordPress plugin before 1.1.5 does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issues