Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
photo gallery vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-16117
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin prior to 1.5.35 for WordPress exists via admin/models/Galleries.php.
10web Photo Gallery
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2019-16118
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin prior to 1.5.35 for WordPress exists via admin/controllers/Options.php.
10web Photo Gallery
1 EDB exploit
1 Github repository
5.4
CVSSv3
CVE-2015-1394
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin prior to 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_fi...
10web Photo Gallery
6.1
CVSSv3
CVE-2021-24291
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin prior to 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both ...
10web Photo Gallery
6.1
CVSSv3
CVE-2021-24362
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin prior to 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing Java...
10web Photo Gallery
4.9
CVSSv3
CVE-2021-24363
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin prior to 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector
10web Photo Gallery
6.1
CVSSv3
CVE-2021-25041
The Photo Gallery by 10Web WordPress plugin prior to 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action
10web Photo Gallery
4.3
CVSSv3
CVE-2021-36891
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings.
Supsystic Photo Gallery
4.8
CVSSv3
CVE-2021-24310
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin prior to 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the...
10web Photo Gallery
5.4
CVSSv3
CVE-2019-14797
The 10Web Photo Gallery plugin prior to 1.5.23 for WordPress has authenticated stored XSS.
10web Photo Gallery
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »