VYPR

Photogallery

by WordPress

Source repositories

CVEs (41)

  • CVE-2019-16119CriSep 8, 2019
    risk 0.69cvss 9.8epss 0.25

    SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.

  • CVE-2022-1281CriMay 2, 2022
    risk 0.66cvss 9.8epss 0.23

    The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.

  • CVE-2021-24139CriMar 18, 2021
    risk 0.64cvss 9.8epss 0.05

    Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.

  • CVE-2016-10921CriAug 22, 2019
    risk 0.64cvss 9.8epss 0.02

    The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.

  • CVE-2014-9312HigAug 28, 2017
    risk 0.64cvss 8.8epss 0.45

    Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.

  • CVE-2024-0221CriFeb 5, 2024
    risk 0.59cvss 9.1epss 0.01

    The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the…

  • CVE-2015-9380HigAug 30, 2019
    risk 0.57cvss 8.8epss 0.01

    The photo-gallery plugin before 1.2.42 for WordPress has CSRF.

  • CVE-2017-12977HigAug 21, 2017
    risk 0.47cvss 7.2epss 0.02

    The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators…

  • CVE-2025-24707HigFeb 3, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery gt3-photo-video-gallery allows Reflected XSS.This issue affects Photo Gallery: from n/a through <= 2.7.7.24.

  • CVE-2024-32583HigApr 18, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21.

  • CVE-2024-29919HigMar 27, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Reflected XSS.This issue affects Photo Gallery by Ays: from n/a through 5.5.2.

  • CVE-2019-16118MedSep 8, 2019
    risk 0.43cvss 6.1epss 0.05

    Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.

  • CVE-2019-16117MedSep 8, 2019
    risk 0.43cvss 6.1epss 0.05

    Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.

  • CVE-2026-7048MedMay 28, 2026
    risk 0.42cvss 6.5epss 0.01

    The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order_by' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2025-47677MedMay 7, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery gt3-photo-video-gallery allows Stored XSS.This issue affects Photo Gallery: from n/a through <= 2.7.7.25.

  • CVE-2025-2269MedApr 12, 2025
    risk 0.40cvss 6.1epss 0.00

    The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘image_id’ parameter in all versions up to, and including, 1.8.34 due to insufficient input sanitization and output escaping. This makes…

  • CVE-2024-29832MedMar 26, 2024
    risk 0.40cvss 6.1epss 0.00

    The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be…

  • CVE-2023-2568MedJun 12, 2023
    risk 0.40cvss 6.1epss 0.00

    The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2021-24909MedJan 17, 2022
    risk 0.40cvss 6.1epss 0.01

    The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issue

  • CVE-2024-44043MedOct 6, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.27.

Page 1 of 3