CVE-2024-33586 WordPress Photo Gallery by 10Web plugin <= 1.8.20 - Broken Access Control vulnerability

🗓️ 29 Apr 2024 12:42:29Reported by PatchstackType

WordPress Photo Gallery 1.8.20 Broken Access Control Vuln

Reporter	Title	Published	Views	Family All 10
CVE	CVE-2024-33586	29 Apr 202412:42	–	cve
EUVD	EUVD-2024-31323	3 Oct 202520:07	–	euvd
NVD	CVE-2024-33586	29 Apr 202413:15	–	nvd
Patchstack	WordPress Photo Gallery by 10Web Plugin <= 1.8.20 is vulnerable to Broken Access Control	25 Apr 202400:00	–	patchstack
Patchstack	WordPress Photo Gallery by 10Web plugin <= 1.8.20 - Broken Access Control vulnerability	25 Apr 202414:34	–	patchstack
Positive Technologies	PT-2024-25354 · 10Web · Photo Gallery	29 Apr 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-33586	23 May 202506:18	–	redhatcve
Vulnrichment	CVE-2024-33586 WordPress Photo Gallery by 10Web plugin <= 1.8.20 - Broken Access Control vulnerability	29 Apr 202412:42	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)	2 May 202414:49	–	wordfence
WPVulnDB	Photo Gallery by 10Web < 1.8.21 - Missing Authorization	3 May 202400:00	–	wpvulndb

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "photo-gallery",
    "product": "Photo Gallery by 10Web",
    "vendor": "Photo Gallery Team",
    "versions": [
      {
        "changes": [
          {
            "at": "1.8.21",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.8.20",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-20-broken-access-control-vulnerability

28 Apr 2026 16:09Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.3

EPSS0.00369

CWE-862

cve-2024-33586 wordpress photo gallery 10web missing authorization