VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 9 known issues Latest disclosed Jun 06, 2024

Gallery – Image and Video Gallery with Thumbnails Vulnerabilities

Review known vulnerability records for the WordPress plugin Gallery – Image and Video Gallery with Thumbnails (`gallery-album`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-35750, CVE-2024-30550 and CVE-2024-31120, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
9
High or Critical
3
Patch Coverage
100%
Last Updated
Jul 23, 2024
Priority CVE Quick Links

Fast paths into Gallery – Image and Video Gallery with Thumbnails CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
9
CVE-2024-35750 Critical No patch listed
CVE-2024-35750 Gallery – Image and Video Gallery with Thumbnails SQL Injection

Gallery – Image and Video Gallery with Thumbnails <= 2.0.3 - Authenticated (Contributor+) SQL Injection

CVE-2017-14125 Critical 1.2.1
CVE-2017-14125 Gallery – Image and Video Gallery with Thumbnails SQL Injection

Gallery – Image and Video Gallery with Thumbnails < 1.2.1 - SQL Injection

CVE-2022-47603 High 2.0.2
CVE-2022-47603 Gallery – Image and Video Gallery with Thumbnails Stored Cross-Site Scripting

Gallery – Image and Video Gallery with Thumbnails <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting

CVE-2024-31120 Medium No patch listed
CVE-2024-31120 Gallery – Image and Video Gallery with Thumbnails Stored Cross-Site Scripting

Responsive Image Gallery, Gallery Album <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-30550 Medium No patch listed
CVE-2024-30550 Gallery – Image and Video Gallery with Thumbnails Cross-Site Scripting

Responsive Image Gallery, Gallery Album <= 2.0.3 - Reflected Cross-Site Scripting

CVE-2023-45630 Medium No patch listed
CVE-2023-45630 Gallery – Image and Video Gallery with Thumbnails Cross-Site Scripting

Responsive Image Gallery, Gallery Album <= 2.0.3 - Unauthenticated Cross-Site Scripting

CVE-2022-1946 Medium 2.0.0
CVE-2022-1946 Gallery – Image and Video Gallery with Thumbnails Cross-Site Scripting

Gallery – Image and Video Gallery with Thumbnails <= 1.9.9 - Reflected Cross-Site Scripting

CVE-2023-45631 Medium No patch listed
CVE-2023-45631 Gallery – Image and Video Gallery with Thumbnails Vulnerability

Responsive Image Gallery, Gallery Album <= 2.0.3 - Missing Authorization via Multiple AJAX Actions

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Gallery – Image and Video Gallery with Thumbnails so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
9 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
2 critical and 1 high severity finding.
Recent CVEs
CVE-2024-35750, CVE-2024-30550 and CVE-2024-31120
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Gallery – Image and Video Gallery with Thumbnails

Sorted by latest disclosure date so newly published issues surface first.

Plugin Critical Patched: No CVE-2024-35750
CVE-2024-35750: Gallery – Image and Video Gallery with Thumbnails <= 2.0.3 - Authenticated (Contributor+) SQL Injection

The Gallery – Image and Video Gallery with Thumbnails plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mak...

Published
Jun 06, 2024
Patched Release
Not published
Affected Versions
Versions up to 2.0.3
Next Step
Open the full report for remediation notes and references.
Open CVE-2024-35750 Report Open CVE Reference
Plugin Medium Patched: No CVE-2024-30550
CVE-2024-30550: Responsive Image Gallery, Gallery Album <= 2.0.3 - Reflected Cross-Site Scripting

The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbi...

Published
Mar 29, 2024
Patched Release
Not published
Affected Versions
Versions up to 2.0.3
Next Step
Open the full report for remediation notes and references.
Open CVE-2024-30550 Report Open CVE Reference
Plugin Medium Patched: No CVE-2024-31120
CVE-2024-31120: Responsive Image Gallery, Gallery Album <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-l...

Published
Mar 29, 2024
Patched Release
Not published
Affected Versions
Versions up to 2.0.3
Next Step
Open the full report for remediation notes and references.
Open CVE-2024-31120 Report Open CVE Reference
Plugin Medium Patched: No CVE-2023-45631
CVE-2023-45631: Responsive Image Gallery, Gallery Album <= 2.0.3 - Missing Authorization via Multiple AJAX Actions

The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 2.0.3. This makes it possible for authenticated attac...

Published
Oct 11, 2023
Patched Release
Not published
Affected Versions
Versions up to 2.0.3
Next Step
Open the full report for remediation notes and references.
Open CVE-2023-45631 Report Open CVE Reference
Plugin Medium Patched: No CVE-2023-45630
CVE-2023-45630: Responsive Image Gallery, Gallery Album <= 2.0.3 - Unauthenticated Cross-Site Scripting

The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

Published
Oct 11, 2023
Patched Release
Not published
Affected Versions
Versions up to 2.0.3
Next Step
Open the full report for remediation notes and references.
Open CVE-2023-45630 Report Open CVE Reference
Plugin Medium Patched: No CVE-2023-45629
CVE-2023-45629: Responsive Image Gallery, Gallery Album <= 2.0.3 - Cross-Site Request Forgery

The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. This is due to missing or incorrect nonce validation multiple functions. This makes it possible for unauthenticated attackers to p...

Published
Oct 11, 2023
Patched Release
Not published
Affected Versions
Versions up to 2.0.3
Next Step
Open the full report for remediation notes and references.
Open CVE-2023-45629 Report Open CVE Reference
Plugin High Patched: Yes CVE-2022-47603
CVE-2022-47603: Gallery – Image and Video Gallery with Thumbnails <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting

The Responsive Image and video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$_GET["id"]’ parameter in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

Published
Feb 03, 2023
Patched Release
2.0.2
Affected Versions
Versions up to 2.0.1
Next Step
Update to 2.0.2 or newer if supported.
Open CVE-2022-47603 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-1946
CVE-2022-1946: Gallery – Image and Video Gallery with Thumbnails <= 1.9.9 - Reflected Cross-Site Scripting

The Gallery – Image and Video Gallery with Thumbnails plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping on the gallery_current_index parameter supplied via the wp...

Published
Jun 13, 2022
Patched Release
2.0.0
Affected Versions
Versions up to 1.9.9
Next Step
Update to 2.0.0 or newer if supported.
Open CVE-2022-1946 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2017-14125
CVE-2017-14125: Gallery – Image and Video Gallery with Thumbnails < 1.2.1 - SQL Injection

SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.

Published
Sep 22, 2017
Patched Release
1.2.1
Affected Versions
Versions before 1.2.1
Next Step
Update to 1.2.1 or newer if supported.
Open CVE-2017-14125 Report Open CVE Reference