Browse all 3 CVE security advisories affecting Galleryape. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Galleryape is a digital asset management platform designed for organizing and distributing visual content. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. The platform has accumulated three CVEs, with notable issues including authenticated RCE through image manipulation and XSS in file upload functionality. Security assessments reveal consistent weaknesses in sanitization of user-supplied data and insufficient session management, potentially allowing attackers to execute arbitrary code or compromise administrative accounts. No major public security incidents have been documented, though the vulnerability pattern suggests ongoing risks for unpatched instances.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-41995 | WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Broken Access Control — Gallery Images ApeCWE-862 | 4.3 | Medium | 2025-01-02 |
| CVE-2019-25149 | Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation — Gallery Images ApeCWE-285 | 7.6 | High | 2023-06-07 |
| CVE-2022-41785 | WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Cross Site Scripting (XSS) — Gallery Images ApeCWE-79 | 5.4 | Medium | 2023-03-21 |
This page lists every published CVE security advisory associated with Galleryape. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.