Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

gallerycreator — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting gallerycreator. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Gallerycreator is a web application designed for creating and managing image galleries, commonly used by websites to display photo collections. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These weaknesses often stem from insufficient input validation and improper access controls. The application has accumulated six CVE records, highlighting recurring security flaws in its handling of file uploads and user permissions. While no major publicized incidents have been documented, the consistent pattern of vulnerabilities suggests potential risks for unpatched deployments, particularly in environments where user-uploaded content is not properly sanitized or restricted.

Top products by gallerycreator: Mixed Media Gallery Blocks SimpLy Gallery
CVE IDTitleCVSSSeverityPublished
CVE-2026-25345 WordPress SimpLy Gallery plugin <= 3.3.2 - Arbitrary Code Execution vulnerability — SimpLy GalleryCWE-1284 9.9 Critical2026-03-25
CVE-2025-14288 Gallery Blocks with Lightbox <= 3.3.0 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Modification — Mixed Media Gallery BlocksCWE-862 4.3 Medium2025-12-13
CVE-2025-63052 WordPress SimpLy Gallery plugin <= 3.3.2.1 - Cross Site Scripting (XSS) vulnerability — SimpLy GalleryCWE-79 6.5 Medium2025-12-09
CVE-2025-32176 WordPress Gallery Blocks with Lightbox plugin <= 3.2.5 - Stored Cross Site Scripting (XSS) vulnerability — SimpLy GalleryCWE-79 6.5 Medium2025-04-04
CVE-2024-10034 Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.4.2 - Authenticated (Editor+) Stored Cross-Site Scripting — Mixed Media Gallery BlocksCWE-79 5.5 Medium2024-11-22
CVE-2024-5424 Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galleryID and className Parameters — Mixed Media Gallery BlocksCWE-79 6.4 Medium2024-06-28

This page lists every published CVE security advisory associated with gallerycreator. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.