Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
10web photo gallery vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2019-14797
The 10Web Photo Gallery plugin prior to 1.5.23 for WordPress has authenticated stored XSS.
10web Photo Gallery
4
CVSSv2
CVE-2019-14798
The 10Web Photo Gallery plugin prior to 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
10web Photo Gallery
3.5
CVSSv2
CVE-2015-2324
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin prior to 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.
10web Photo Gallery
4.3
CVSSv2
CVE-2021-24291
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin prior to 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both ...
10web Photo Gallery
7.5
CVSSv2
CVE-2021-24139
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions prior to 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
10web Photo Gallery
1 Github repository
4.3
CVSSv2
CVE-2019-16117
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin prior to 1.5.35 for WordPress exists via admin/models/Galleries.php.
10web Photo Gallery
1 EDB exploit
1 Github repository
4.3
CVSSv2
CVE-2019-16118
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin prior to 1.5.35 for WordPress exists via admin/controllers/Options.php.
10web Photo Gallery
1 EDB exploit
1 Github repository
7.5
CVSSv2
CVE-2019-16119
SQL injection in the photo-gallery (10Web Photo Gallery) plugin prior to 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
10web Photo Gallery
1 EDB exploit
1 Github repository
NA
CVE-2022-4058
The Photo Gallery by 10Web WordPress plugin prior to 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page u...
10web Photo Gallery
NA
CVE-2023-6924
The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attac...
10web Photo Gallery
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »