Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
10web photo gallery vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2019-16118
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin prior to 1.5.35 for WordPress exists via admin/controllers/Options.php.
10web Photo Gallery
1 EDB exploit
1 Github repository
312
VMScore
CVE-2019-14797
The 10Web Photo Gallery plugin prior to 1.5.23 for WordPress has authenticated stored XSS.
10web Photo Gallery
NA
CVE-2024-0221
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated malicious users to rename arbitrary files...
10web Photo Gallery
668
VMScore
CVE-2022-1281
The Photo Gallery WordPress plugin up to and including 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
10web Photo Gallery
383
VMScore
CVE-2022-1282
The Photo Gallery by 10Web WordPress plugin prior to 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action.
10web Photo Gallery
312
VMScore
CVE-2022-1394
The Photo Gallery by 10Web WordPress plugin prior to 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
10web Photo Gallery
NA
CVE-2023-6924
The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attac...
10web Photo Gallery
NA
CVE-2021-46889
The 10Web Photo Gallery plugin up to and including 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.
10web Photo Gallery
383
VMScore
CVE-2021-24291
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin prior to 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both ...
10web Photo Gallery
383
VMScore
CVE-2021-24362
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin prior to 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing Java...
10web Photo Gallery
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »