
11 matches found

CVE
added 2026/06/06 4:28 a.m. | 31 views

CVE-2026-9829

CVE-2026-9829 affects the WordPress plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery up to version 1.8.41. The flaw is a time-based SQL Injection in the compact_album_order_by shortcode parameter caused by insufficient escaping and lack of parameterized queries. Exploitation requires...

6.5 CVSS | 5.8 AI score | 0.00325 EPSS
Exploits: 0 | References: 12

NVD
added 2026/06/04 10:16 a.m. | 10 views

CVE-2026-49771

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

7.6 CVSS | 0.00227 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/06/04 9:49 a.m. | 34 views

CVE-2026-49771 WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

7.6 CVSS | 0.00227 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/13 11:41 a.m. | 3 views

CVE-2026-32330

Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery. This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

5.8 AI score | 0.00107 EPSS
Exploits: 0 | References: 2

NVD
added 2026/02/19 9:18 p.m. | 6 views

CVE-2026-27360

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS. This issue affects Photo Gallery by 10Web: from n/a through = 1.8.38...

5.9 CVSS | 0.00195 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/21 12:0 a.m. | 12 views

PT-2026-3881

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete comment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

5.3 CVSS | 5.7 AI score | 0.00219 EPSS
Exploits: 0 | References: 3

VulnCheck KEV
added 2025/09/11 12:0 a.m. | 8 views

VulnCheck KEV: CVE-2022-0169

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL injection...

9.8 CVSS | 5.9 AI score | 0.74615 EPSS
In wild | Exploits: 4 | References: 2

OSV
added 2024/11/29 6:15 a.m. | 3 views

CVE-2024-10704

The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

4.8 CVSS | 5.8 AI score | 0.00369 EPSS
Exploits: 1 | References: 1

OSV
added 2024/11/05 10:21 a.m. | 3 views

CVE-2024-9878

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.8 CVSS | 7.3 AI score | 0.00419 EPSS
Exploits: 1 | References: 3

OSV
added 2024/06/07 10:15 a.m. | 5 views

CVE-2024-5426

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4 CVSS | 5.9 AI score | 0.00314 EPSS
Exploits: 0 | References: 4

OSV
added 2022/03/14 3:15 p.m. | 6 views

CVE-2022-0169

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL injection...

9.8 CVSS | 5.8 AI score | 0.74615 EPSS
Exploits: 4 | References: 2