Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
photo-gallery vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2016-10918
The gallery-by-supsystic plugin prior to 1.8.6 for WordPress has CSRF.
Supsystic Photo Gallery
3.5
CVSSv2
CVE-2019-14797
The 10Web Photo Gallery plugin prior to 1.5.23 for WordPress has authenticated stored XSS.
10web Photo Gallery
NA
CVE-2023-1427
- The Photo Gallery by 10Web WordPress plugin prior to 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.
10web Photo Gallery
NA
CVE-2021-46889
The 10Web Photo Gallery plugin up to and including 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.
10web Photo Gallery
4
CVSSv2
CVE-2019-14798
The 10Web Photo Gallery plugin prior to 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
10web Photo Gallery
6.5
CVSSv2
CVE-2017-12977
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin prior to 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by admi...
10web Photo Gallery
6.8
CVSSv2
CVE-2015-9380
The photo-gallery plugin prior to 1.2.42 for WordPress has CSRF.
10web Photo Gallery
7.5
CVSSv2
CVE-2021-24139
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions prior to 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
10web Photo Gallery
1 Github repository
4.3
CVSSv2
CVE-2021-24291
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin prior to 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both ...
10web Photo Gallery
NA
CVE-2024-0221
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated malicious users to rename arbitrary files...
10web Photo Gallery
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »