Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More

Vulnerabilities 12Slug envira-gallery-liteLatest version 1.12.5WordPress.org →

Minimum safe version

1.12.4

Update to 1.12.4 or later to address 12 fixable vulnerabilities

Latest available1.12.5 ✓

N/A

2026-03-03< 1.12.4

Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API

Wordfence CVE

Medium 4.3

2025-11-13< 1.12.1

CVE-2025-12377

CVE EUVD Wordfence

Medium 4.3

2025-11-08< 1.12.0

CVE-2025-11448

CVE Wordfence

Medium 6.4

2024-12-04< 1.8.16

Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library

CVE Wordfence Patchstack

Medium 4.8

2024-09-11< 1.8.15

CVE-2024-3899

CVE Patchstack Wordfence

High 8.8

2024-11-01< 1.8.15

CVE-2024-43925

CVE Patchstack Wordfence

Medium 4.3

2024-11-01< 1.8.8

CVE-2024-37095

CVE Patchstack Wordfence

Medium 4.3

2024-01-11< 1.8.7.3

CVE-2023-6742

CVE Wordfence Patchstack WPScan

Medium 6.1

2022-10-31< 1.8.4.7

CVE-2022-2190

CVE Patchstack Wordfence WPScan

N/A

2020-12-19< 1.8.3.3

WordPress Envira Photo Gallery plugin <= 1.8.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Patchstack

Medium 5.4

2020-02-25< 1.7.7

CVE-2020-9334

CVE Patchstack Wordfence WPScan

Medium 5.4

2021-03-18< 1.8.3.3

CVE-2021-24126

CVE Wordfence WPScan