PatchSiren

Awesomemotive CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Awesomemotive CVE published 2026-06-16

CVE-2026-54190

CVE-2026-54190 is a medium-severity vulnerability (CVSS Score: 6.5) in the Envira Photo Gallery plugin versions <= 1.12.5. The vulnerability is classified as unauthenticated broken access control. The CVE was published and modified on June 16, 2026, at 10:16:28 GMT.

HIGH Awesomemotive CVE published 2026-06-15

CVE-2026-39503

CVE-2026-39503 is a HIGH severity vulnerability (CVSS Score: 7.5) in Easy Digital Downloads plugin versions <= 3.6.5. The vulnerability is caused by unauthenticated broken access control. The CVE was published on 2026-06-15T21:16:45.487Z and last modified on 2026-06-15T21:24:32.790Z.

CRITICAL awesomemotive CVE published 2026-05-20

CVE-2026-9059

CVE-2026-9059 is a critical authenticated SQL injection vulnerability in NextGEN Gallery versions prior to 4.2.1. The flaw exists in the REST API endpoints `/imagely/v1/galleries` and `/imagely/v1/albums`, where the `orderby` parameter is insufficiently sanitized by a `_clean_column()` function that employs a blacklist-based approach rather than a whitelist. An attacker with the 'NextGEN Gallery overview' [truncated]