Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
photo gallery by 10web vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv3
CVE-2024-13124
The Photo Gallery by 10Web WordPress plugin prior to 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
Unknown Photo Gallery By 10web
6.1
CVSSv3
CVE-2025-0613
The Photo Gallery by 10Web WordPress plugin prior to 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed
Unknown Photo Gallery By 10web
7.2
CVSSv3
CVE-2024-0221
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated malicious users to rename arbitrary files...
10web Photo Gallery
8.8
CVSSv3
CVE-2024-5481
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated malicious users to cut and paste (copy) the conten...
10web Photo Gallery
7.2
CVSSv3
CVE-2017-12977
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin prior to 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by admi...
10web Photo Gallery
5.4
CVSSv3
CVE-2024-5426
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This mak...
10web Photo Gallery
6.1
CVSSv3
CVE-2021-46889
The 10Web Photo Gallery plugin up to and including 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.
10web Photo Gallery
6.1
CVSSv3
CVE-2021-25041
The Photo Gallery by 10Web WordPress plugin prior to 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action
10web Photo Gallery
6.1
CVSSv3
CVE-2022-1282
The Photo Gallery by 10Web WordPress plugin prior to 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action.
10web Photo Gallery
4.8
CVSSv3
CVE-2020-9335
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin prior to 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users.
10web Photo Gallery
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-39551
hard-coded
type confusion
markus drubba
CVE-2025-24054
broken links remover
CVE-2025-39567
anthologize
CVE-2025-31201
CVE-2025-29454
file upload
CVE-2025-39558
momen2009
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »
Vulmon