Envira Photo Gallery

Syed Balkhi

Developer

1.12.4

Latest version

100,000

Installations

No date

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Security Contributors

Vulnerability history

0 present

11 patched

3 Mitigation rules

Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API vulnerability
<= 1.12.3
03/03/2026
Missing Authorization to Authenticated (Author+) Multiple Gallery Actions vulnerability
<= 1.12.0
13/11/2025
Missing Authorization to Authenticated (Contributor+) Gallery Conversion vulnerability
<= 1.11.0
10/11/2025
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
<= 1.8.15
03/12/2024
Author+ Stored XSS vulnerability
< 1.8.15
11/09/2024
Broken Access Control vulnerability
<= 1.8.14
26/08/2024
CSRF leading to notice dismissal vulnerability
<= 1.8.7.3
20/06/2024
Missing Authorization to Gallery Modification vulnerability
<= 1.8.7.2
08/01/2024
Reflected Cross-Site Scripting (XSS) vulnerability
<= 1.8.4.6
10/10/2022
Authenticated Stored Cross-Site Scripting (XSS) vulnerability
<= 1.8.3.2
19/12/2020
Authenticated Stored Cross-Site Scripting (XSS) vulnerability
<= 1.7.6
25/02/2020