5 matches found
CVE-2026-7048
The CVE-2026-7048 entry concerns the WordPress plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery. A time-based blind SQL Injection exists via the order_by parameter in all versions up to and including 1.8.40, caused by insufficient escaping and incomplete SQL query preparation. Authen...
EUVD-2023-38119
Malicious code in bioql PyPI...
CVE-2024-5968 Photo Gallery by 10Web <= 1.8.27 - Admin+ Stored XSS
The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-33586 WordPress Photo Gallery by 10Web plugin <= 1.8.20 - Broken Access Control vulnerability
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20...
WordPress Plugin Photo Gallery by 10Web 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...