Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
10web photo gallery vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-25041
The Photo Gallery by 10Web WordPress plugin prior to 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action
10web Photo Gallery
NA
CVE-2015-1393
SQL injection vulnerability in the Photo Gallery plugin prior to 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php.
10web Photo Gallery
5.4
CVSSv3
CVE-2015-1394
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin prior to 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_fi...
10web Photo Gallery
6.1
CVSSv3
CVE-2021-46889
The 10Web Photo Gallery plugin up to and including 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.
10web Photo Gallery
4.8
CVSSv3
CVE-2022-1394
The Photo Gallery by 10Web WordPress plugin prior to 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
10web Photo Gallery
4.9
CVSSv3
CVE-2023-1427
- The Photo Gallery by 10Web WordPress plugin prior to 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.
10web Photo Gallery
9.8
CVSSv3
CVE-2021-24139
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions prior to 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
10web Photo Gallery
1 Github repository
6.1
CVSSv3
CVE-2021-24291
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin prior to 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both ...
10web Photo Gallery
5.4
CVSSv3
CVE-2019-14797
The 10Web Photo Gallery plugin prior to 1.5.23 for WordPress has authenticated stored XSS.
10web Photo Gallery
4.9
CVSSv3
CVE-2019-14798
The 10Web Photo Gallery plugin prior to 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
10web Photo Gallery
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »