10web
Products
1- 9 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29832 | Med | 0.40 | 6.1 | 0.00 | Mar 26, 2024 | The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be… | ||
| CVE-2024-29833 | Med | 0.35 | 5.4 | 0.00 | Mar 26, 2024 | The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An… | ||
| CVE-2024-29810 | Med | 0.35 | 5.4 | 0.00 | Mar 26, 2024 | The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted… | ||
| CVE-2024-29809 | Med | 0.35 | 5.4 | 0.00 | Mar 26, 2024 | The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted… | ||
| CVE-2024-29808 | Med | 0.35 | 5.4 | 0.00 | Mar 26, 2024 | The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted… | ||
| CVE-2026-1036 | Med | 0.34 | 5.3 | 0.00 | Jan 22, 2026 | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_comment() function in all versions up to, and including, 1.8.36. This makes it possible for… | ||
| CVE-2023-33995 | Med | 0.28 | 4.3 | 0.01 | Dec 13, 2024 | Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15. | ||
| CVE-2024-35628 | Med | 0.28 | 4.3 | 0.00 | Jun 11, 2024 | Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25. | ||
| CVE-2024-13124 | Low | 0.23 | 3.5 | 0.00 | Mar 24, 2025 | The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example… |
- risk 0.40cvss 6.1epss 0.00
The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be…
- risk 0.35cvss 5.4epss 0.00
The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An…
- risk 0.35cvss 5.4epss 0.00
The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted…
- risk 0.35cvss 5.4epss 0.00
The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted…
- risk 0.35cvss 5.4epss 0.00
The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted…
- risk 0.34cvss 5.3epss 0.00
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_comment() function in all versions up to, and including, 1.8.36. This makes it possible for…
- risk 0.28cvss 4.3epss 0.01
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25.
- risk 0.23cvss 3.5epss 0.00
The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example…