CVE-2026-9829

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVE-2026-49771

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

EUVD-2026-34240

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

PT-2026-46174

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

CVE-2026-32330

Cross-Site Request Forgery CSRF vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

EUVD-2026-11804

Cross-Site Request Forgery CSRF vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

CVE-2026-32330

Cross-Site Request Forgery CSRF vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

CVE-2026-32330

CVE-2026-32330 is a CSRF vulnerability affecting the WordPress Photo Gallery by 10Web plugin, version range up to and including 1.8.37. Connected sources corroborate the issue across multiple feeds (NVD, Red Hat, EUVD/ENISA, CVE list, AttackersKB, etc.). The description consistently states a Cros...

CVE-2026-27360

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.38...

CVE-2026-27360

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

CVE-2026-27360

The CVE describes an XSS flaw in the WordPress Photo Gallery by 10Web plugin, caused by improper input neutralization during web page generation. Affected component: the Photo Gallery by 10Web plugin (WordPress) with versions

PT-2026-20932

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

CVE-2023-33995

Missing Authorization vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.15...

PT-2024-30911 · 10Web · 10Web Photo Gallery

Name of the Vulnerable Software and Affected Versions: 10Web Photo Gallery versions 1.8.27 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS or Stored XSS. This allows for the storage of malicious...

CVE-2024-35628

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25...

CVE-2021-46889

The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via themeid for bwgfrontenddata. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693...

VulnCheck KEV: CVE-2021-24139

Unvalidated input in the Photo Gallery 10Web Photo Gallery WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwgsearchx parameter...

CVE-2021-31693

The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via albumgalleryid0, bwgalbumsearch0, and type0 for bwgfrontenddata. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID becau...

WordPress plugin The 10Web Photo Gallery 安全漏洞

VMware Tools for Windows 10.0.0 and later, but prior to version 12.1.5, contain a denial of service vulnerability. A denial of service vulnerability exists in the VM3DMP driver, which is caused by improper input validation in the VM3DMP driver and can be exploited by an attacker with local user...

CVE-2020-9335

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...