CVE-2022-1282

The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $GET'imageurl' variable, which is reflected back to the users when executing the editimagebwg AJAX action...

CVE-2022-0169

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwgtagidbwgthumbnails0 parameter before using it in a SQL statement via the bwgfrontenddata AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL injection...

CVE-2021-25041

The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting XSS issues via the bwgalbumbreadcrumb0 and shortcodeid GET parameters passed to the bwgfrontenddata AJAX action...

CVE-2021-24363

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector...

CVE-2021-24526

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue...

CVE-2021-24362

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will b...

CVE-2021-24426

The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. Backup by 10Web WordPress Plugin 1.0.20 and earlier has...

CVE-2021-24132

The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulkaction, exportfull and savesliderdb functionalities of the plugin were vulnerable, allowing a high privileged user Admin, or medium one such as Contributor+ if "Role Options" is turn on for other users to perform a SQL...

Wordpress Slider by 10Web SQL注入漏洞

Wordpress Slider by 10Web is an open source application plugin for Wordpress. Provides a versatile solution for adding a fast loading, responsive and SEO friendly slider to website pages, posts, theme headers or any other location. Slider by 10Web WordPress plugin versions prior to 1.2.36 suffers...

CVE-2020-9335

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...

PT-2019-14522 · 10Web · 10Web Photo Gallery

Name of the Vulnerable Software and Affected Versions: 10Web Photo Gallery plugin versions prior to 1.5.35 Description: The issue exists due to cross site scripting XSS in the photo-gallery plugin. This can be exploited via the admin/controllers/Options.php endpoint. Recommendations: For versions...

PT-2019-14521 · 10Web · 10Web Photo Gallery

Name of the Vulnerable Software and Affected Versions: 10Web Photo Gallery plugin versions prior to 1.5.35 Description: The issue exists in the photo-gallery plugin for WordPress, specifically via admin/models/Galleries.php, and allows for cross-site scripting XSS. Recommendations: For versions...

WordPress 10Web Photo Gallery Plugin Path Traversal Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.10Web Photo Gallery plugin is an image management plugin used in it. A path traversal vulnerability exists in the WordPress...

WordPress 10Web Photo Gallery plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.10Web Photo Gallery plugin is an image management plugin used in it. A cross-site scripting vulnerability exists in the...

CVE-2019-14798

The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcodebwg tagtext parameter...

CVE-2019-14797

The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS...

WordPress WordPress 10Web Photo Gallery Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.10Web Photo Gallery plugin is an image management plugin used in it. A SQL injection vulnerability exists in WordPress 10Web...