VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 8 known issues Latest disclosed Jan 26, 2026

Gallery PhotoBlocks Vulnerabilities

Review known vulnerability records for the WordPress plugin Gallery PhotoBlocks (`photoblocks-grid-gallery`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-24389 and CVE-2025-58610, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
8
High or Critical
2
Patch Coverage
100%
Last Updated
Feb 02, 2026
Priority CVE Quick Links

Fast paths into Gallery PhotoBlocks CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
5
CVE-2022-36292 High 1.2.9
CVE-2022-36292 Gallery PhotoBlocks Cross-Site Request Forgery

Gallery PhotoBlocks <= 1.2.8 - Cross-Site Request Forgery

CVE-2026-24389 Medium 1.3.3
CVE-2026-24389 Gallery PhotoBlocks Stored Cross-Site Scripting

Gallery PhotoBlocks <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2025-58610 Medium 1.3.2
CVE-2025-58610 Gallery PhotoBlocks Stored Cross-Site Scripting

Gallery PhotoBlocks <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2022-37407 Medium 1.2.7
CVE-2022-37407 Gallery PhotoBlocks Stored Cross-Site Scripting

Gallery PhotoBlocks <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2019-15829 Medium 1.1.43
CVE-2019-15829 Gallery PhotoBlocks Cross-Site Scripting

Gallery PhotoBlocks <= 1.1.42 - Reflected Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Gallery PhotoBlocks so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
8 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 2 high severity findings.
Recent CVEs
CVE-2026-24389 and CVE-2025-58610
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Gallery PhotoBlocks

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-24389
CVE-2026-24389: Gallery PhotoBlocks <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Gallery PhotoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov...

Published
Jan 26, 2026
Patched Release
1.3.3
Affected Versions
Versions up to 1.3.2
Next Step
Update to 1.3.3 or newer if supported.
Open CVE-2026-24389 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-58610
CVE-2025-58610: Gallery PhotoBlocks <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Gallery PhotoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov...

Published
Sep 03, 2025
Patched Release
1.3.2
Affected Versions
Versions up to 1.3.1
Next Step
Update to 1.3.2 or newer if supported.
Open CVE-2025-58610 Report Open CVE Reference
Plugin Medium Patched: Yes
Gallery PhotoBlocks <= 1.2.8 - Missing Authorization Checks

The Gallery PhotoBlocks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.2.8 due to missing capability checks on the init() function found in the ~/admin/class-photoblocks-admin.php file. This makes it possible for authenticated users...

Published
Aug 17, 2022
Patched Release
1.2.9
Affected Versions
Versions up to 1.2.8
Next Step
Update to 1.2.9 or newer if supported.
Open Full Report
Plugin High Patched: Yes CVE-2022-36292
CVE-2022-36292: Gallery PhotoBlocks <= 1.2.8 - Cross-Site Request Forgery

The Gallery PhotoBlocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing nonce validation on the init() function. This makes it possible for unauthenticated attackers to delete or copy photo galleries...

Published
Aug 10, 2022
Patched Release
1.2.9
Affected Versions
Versions up to 1.2.8
Next Step
Update to 1.2.9 or newer if supported.
Open CVE-2022-36292 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-37407
CVE-2022-37407: Gallery PhotoBlocks <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Gallery PhotoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...

Published
Aug 10, 2022
Patched Release
1.2.7
Affected Versions
Versions up to 1.2.6
Next Step
Update to 1.2.7 or newer if supported.
Open CVE-2022-37407 Report Open CVE Reference
Plugin High Patched: Yes
Gallery PhotoBlocks <= 1.1.5 - Cross-Site Scripting

The Gallery PhotoBlocks plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.1.5 via several parameters due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that...

Published
Jul 29, 2020
Patched Release
1.2.0
Affected Versions
Versions before 1.2.0
Next Step
Update to 1.2.0 or newer if supported.
Open Full Report
Plugin Medium Patched: Yes CVE-2019-15829
CVE-2019-15829: Gallery PhotoBlocks <= 1.1.42 - Reflected Cross-Site Scripting

The photoblocks-grid-gallery plugin before 1.1.43 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS when logged in as admin.

Published
Jul 09, 2019
Patched Release
1.1.43
Affected Versions
Versions before 1.1.43
Next Step
Update to 1.1.43 or newer if supported.
Open CVE-2019-15829 Report Open CVE Reference
Plugin Medium Patched: Yes
Gallery Photoblocks <= 1.1.40 - Reflected Cross-Site Scripting

The Gallery Photoblocks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the GET 'id' parameter in versions up to, and including, 1.1.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inj...

Published
Jul 05, 2019
Patched Release
1.1.41
Affected Versions
Versions up to 1.1.40
Next Step
Update to 1.1.41 or newer if supported.
Open Full Report