Primary

Context

Global Gallery WordPress Plugin Shortcode Execution Vulnerability

Vulnerability

A vulnerability allowing arbitrary shortcode execution has been identified in the Global Gallery - WordPress Responsive Gallery plugin, affecting all versions through 9.1.5. The issue arises because the plugin does not properly validate values before executing them as shortcodes. This flaw enables authenticated attackers with Subscriber-level access or higher to execute arbitrary shortcodes on the site.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary shortcodes, which could lead to various impacts depending on the executed shortcode.

Remediation

Users are advised to update the Global Gallery WordPress Responsive Gallery plugin to version 9.1.6 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Global Gallery WordPress Plugin Shortcode Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating