Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
photo-gallery vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2015-1394
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin prior to 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_fi...
10web Photo Gallery
4
CVSSv2
CVE-2021-24363
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin prior to 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector
10web Photo Gallery
6.8
CVSSv2
CVE-2016-10918
The gallery-by-supsystic plugin prior to 1.8.6 for WordPress has CSRF.
Supsystic Photo Gallery
NA
CVE-2022-4058
The Photo Gallery by 10Web WordPress plugin prior to 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page u...
10web Photo Gallery
NA
CVE-2024-0221
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated malicious users to rename arbitrary files...
10web Photo Gallery
3.5
CVSSv2
CVE-2022-1394
The Photo Gallery by 10Web WordPress plugin prior to 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
10web Photo Gallery
7.5
CVSSv2
CVE-2022-0169
The Photo Gallery by 10Web WordPress plugin prior to 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthe...
10web Photo Gallery
6.8
CVSSv2
CVE-2015-9380
The photo-gallery plugin prior to 1.2.42 for WordPress has CSRF.
10web Photo Gallery
6.5
CVSSv2
CVE-2015-1393
SQL injection vulnerability in the Photo Gallery plugin prior to 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php.
10web Photo Gallery
7.5
CVSSv2
CVE-2019-16119
SQL injection in the photo-gallery (10Web Photo Gallery) plugin prior to 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
10web Photo Gallery
1 EDB exploit
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »