VYPR

Photo Gallery By 10web

by WordPress

CVEs (35)

  • CVE-2024-33586MedApr 29, 2024
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20.

  • CVE-2023-1427MedApr 17, 2023
    risk 0.32cvss 4.9epss 0.01

    - The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.

  • CVE-2021-24363MedAug 16, 2021
    risk 0.32cvss 4.9epss 0.02

    The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector

  • CVE-2019-14798MedAug 9, 2019
    risk 0.32cvss 4.9epss 0.04

    The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.

  • CVE-2024-8670MedMay 15, 2025
    risk 0.31cvss 4.8epss 0.00

    The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example…

  • CVE-2024-10704MedNov 29, 2024
    risk 0.31cvss 4.8epss 0.00

    The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example…

  • CVE-2024-5968MedOct 9, 2024
    risk 0.31cvss 4.8epss 0.00

    The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is…

  • CVE-2022-1394MedJun 8, 2022
    risk 0.31cvss 4.8epss 0.01

    The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

  • CVE-2021-24310MedJun 1, 2021
    risk 0.31cvss 4.8epss 0.01

    The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the…

  • CVE-2020-9335MedFeb 25, 2020
    risk 0.31cvss 4.8epss 0.01

    Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users.

  • CVE-2024-9878MedNov 5, 2024
    risk 0.29cvss 4.4epss 0.00

    The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2023-33995MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.01

    Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15.

  • CVE-2024-35628MedJun 11, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25.

  • CVE-2024-13124LowMar 24, 2025
    risk 0.23cvss 3.5epss 0.00

    The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example…

  • CVE-2023-6924MedJan 11, 2024
    risk 0.22cvss 4.4epss 0.00

    The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…

Page 2 of 2