WordPress Plugin Vulnerabilities

Huge IT Image Gallery <= 2.0.5 - Stored Cross-Site Scripting (XSS)

Description

The gallery-images WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
gallery-images
Fixed in 2.0.6

References

URL
https://sumofpwn.nl/advisory/2016/stored_cross_site_scripting_in_gallery___image_gallery_wordpress_plugin.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
919140b3-fcb6-474c-90dc-8c17e793538a

Timeline

Publicly Published
2016-11-23 (about 9 years ago)
Added
2016-11-23 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-09-22
Title
BMI Adult & Kid Calculator <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2021-06-09
Title
Advanced AJAX Product Filters < 1.5.4.7 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Published
2024-05-29
Title
WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings
Published
2026-01-27
Title
Passster – Password Protect Pages and Content < 4.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2024-04-26
Title
Form Maker by 10Web < 1.15.25 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting