Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3
CVE-2024-11002
- EPSS 0.2%
- Veröffentlicht 26.11.2024 07:15:05
- Zuletzt bearbeitet 09.07.2025 18:47:27
The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute ...
5.4
CVE-2023-28666
- EPSS 0.19%
- Veröffentlicht 22.03.2023 21:15:19
- Zuletzt bearbeitet 25.02.2025 21:15:13
The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user.
9.8
CVE-2022-4063
- EPSS 89.64%
- Veröffentlicht 19.12.2022 14:15:12
- Zuletzt bearbeitet 17.04.2025 14:15:25
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.
1