Critical severity9.8NVD Advisory· Published Mar 14, 2022· Updated Jun 17, 2026
CVE-2022-0169
CVE-2022-0169
Description
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- 10Web/Photo Gallery by 10Web WordPress plugindescription
- Range: <1.6.0
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changeset/2672822/photo-gallerynvdPatchRelease NotesThird Party Advisory
- wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709cnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.