Browse all 6 CVE security advisories affecting GalleryCreator. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Gallerycreator is a web application designed for creating and managing image galleries, commonly used by websites to display photo collections. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These weaknesses often stem from insufficient input validation and improper access controls. The application has accumulated six CVE records, highlighting recurring security flaws in its handling of file uploads and user permissions. While no major publicized incidents have been documented, the consistent pattern of vulnerabilities suggests potential risks for unpatched deployments, particularly in environments where user-uploaded content is not properly sanitized or restricted.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14288 | Gallery Blocks with Lightbox <= 3.3.0 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification — Mixed Media Gallery BlocksCWE-862 | 4.3 | Medium | 2025-12-13 |
| CVE-2024-10034 | Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.4.2 - Authenticated (Editor+) Stored Cross-Site Scripting — Mixed Media Gallery BlocksCWE-79 | 5.5 | Medium | 2024-11-22 |
| CVE-2024-5424 | Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters — Mixed Media Gallery BlocksCWE-79 | 6.4 | Medium | 2024-06-28 |
This page lists every published CVE security advisory associated with GalleryCreator. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.