ghozylab CVE Vulnerabilities & Metrics

Focus on ghozylab vulnerabilities and metrics.

Last updated: 08 Jul 2025, 22:25 UTC

About ghozylab Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with ghozylab. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total ghozylab CVEs: 5
Earliest CVE date: 28 Sep 2015, 15:59 UTC
Latest CVE date: 30 Jun 2025, 06:15 UTC

Latest CVE reference: CVE-2025-5730

Rolling Stats

30-day Count (Rolling): 1
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical ghozylab CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.7

Max CVSS: 3.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	5
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS ghozylab CVEs

These are the five CVEs with the highest CVSS scores for ghozylab, sorted by severity first and recency.

CVE-2015-7386 ghozylab Published on 28 Sep 2015, 15:59 UTC (CVSS: 3.5)
Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Media Subtitle fields.
CVE-2025-5730 ghozylab Published on 30 Jun 2025, 06:15 UTC (CVSS: 0)
The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.
CVE-2024-32147 ghozylab Published on 15 Apr 2024, 07:15 UTC (CVSS: 0)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23.
CVE-2022-2224 ghozylab Published on 18 Jul 2022, 17:15 UTC (CVSS: 0)
The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such ...
CVE-2022-2223 ghozylab Published on 18 Jul 2022, 17:15 UTC (CVSS: 0)
The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such as clicking o...

All CVEs for ghozylab

CVE-2025-5730 ghozylab vulnerability CVSS: 0 30 Jun 2025, 06:15 UTC

The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.

CVE-2024-32147 ghozylab vulnerability CVSS: 0 15 Apr 2024, 07:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23.

CVE-2022-2224 ghozylab vulnerability CVSS: 0 18 Jul 2022, 17:15 UTC

The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2022-2223 ghozylab vulnerability CVSS: 0 18 Jul 2022, 17:15 UTC

The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2015-7386 ghozylab vulnerability CVSS: 3.5 28 Sep 2015, 15:59 UTC

Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Media Subtitle fields.