The Photo Gallery by 10Web WordPress plugin prior to 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
10web photo gallery |