CVE-2026-1236 | Envira Gallery Plugin up to 1.12.3 on WordPress REST API justified_gallery_theme cross site scripting

Inserito da Angelo Barbosa | Mar 4, 2026 | CVE

A vulnerability marked as problematic has been reported in Envira Gallery Plugin up to 1.12.3 on WordPress. This vulnerability affects unknown code of the component REST API. Performing a manipulation of the argument justified_gallery_theme results in cross site scripting.

This vulnerability is identified as CVE-2026-1236. The attack can be initiated remotely. There is not any exploit available.

CVE-2026-1236 | Envira Gallery Plugin up to 1.12.3 on WordPress REST API justified_gallery_theme cross site scripting

Post correlati

CVE-2023-52848 | Linux Kernel up to 6.5.11/6.6.1 fs/f2fs/super.c f2fs_put_super infinite loop (eb42e1862aa7/10b2a6c0dade/a4639380bbe6)

CVE-2024-8869 | TOTOLINK A720R 4.1.5 exportOvpn os command injection

CVE-2024-44552 | Tenda AX1806 1.0.0.1 formGetIptv adv.iptv.stballvlans stack-based overflow

CVE-2025-10179 | My AskAI Plugin up to 1.0.0 on WordPress Shortcode myaskai cross site scripting