Lucene search
K

50 matches found

Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47770

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract...

8.8CVSS6.1AI score0.00262EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/19 8:35 p.m.3 views

CVE-2026-27360 WordPress Photo Gallery by 10Web plugin <= 1.8.37 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

5.5AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 9:15 p.m.4 views

CVE-2025-53240

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in adamlabs WordPress Photo Gallery photo-gallery-portfolio allows Reflected XSS.This issue affects WordPress Photo Gallery: from n/a through = 1.1.0...

7.1CVSS5.4AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:15 p.m.4 views

CVE-2025-53240

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in adamlabs WordPress Photo Gallery photo-gallery-portfolio allows Reflected XSS.This issue affects WordPress Photo Gallery: from n/a through = 1.1.0...

7.1CVSS0.00263EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:51 p.m.3 views

CVE-2025-53240

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in adamlabs WordPress Photo Gallery photo-gallery-portfolio allows Reflected XSS.This issue affects WordPress Photo Gallery: from n/a through = 1.1.0...

6.1CVSS5.3AI score0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/22 4:51 p.m.18 views

CVE-2025-53240 WordPress WordPress Photo Gallery plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in adamlabs WordPress Photo Gallery photo-gallery-portfolio allows Reflected XSS.This issue affects WordPress Photo Gallery: from n/a through = 1.1.0...

7.1CVSS0.00263EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.3 views

PT-2026-3986

Name of the Vulnerable Software and Affected Versions adamlabs WordPress Photo Gallery versions through 1.1.0 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, which can lead to Reflected Cross-site Scripting XSS. This allows an...

5.3AI score0.00263EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.4 views

WordPress plugin: WordPress Photo Gallery – Cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.1CVSS5.7AI score0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-11624

Malicious code in bioql PyPI...

7.1CVSS9.2AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 4:43 p.m.4 views

CVE-2025-27291

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uxgallery WordPress Photo Gallery – Image Gallery photo-image-gallery allows Reflected XSS.This issue affects WordPress Photo Gallery – Image Gallery: from n/a through = 2.0.4...

7.1CVSS7.2AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2025/04/17 4:15 p.m.2 views

CVE-2025-27291

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uxgallery WordPress Photo Gallery – Image Gallery photo-image-gallery allows Reflected XSS.This issue affects WordPress Photo Gallery – Image Gallery: from n/a through = 2.0.4...

7.1CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added 2025/04/17 3:48 p.m.42 views

CVE-2025-27291

CVE-2025-27291 is a reflected XSS in the WordPress plugin WordPress Photo Gallery – Image Gallery (uxgallery) up to version 2.0.4. The root cause is improper input neutralization during web page generation, allowing reflected script execution. Public records indicate CVSS v3.1 base score 7.1 (HIG...

7.1CVSS7.2AI score0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:48 p.m.4 views

CVE-2025-27291 WordPress Photo Gallery – Image Gallery Plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uxgallery WordPress Photo Gallery – Image Gallery photo-image-gallery allows Reflected XSS.This issue affects WordPress Photo Gallery – Image Gallery: from n/a through = 2.0.4...

7.1CVSS8.6AI score0.00235EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.4 views

WordPress plugin WordPress Photo Gallery – Image Gallery 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS8.2AI score0.00235EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/24 8:58 a.m.3 views

WordPress Photo Gallery by 10Web plugin < 1.8.33 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Photo Gallery by 10Web versions 1.8.33...

3.5CVSS6.1AI score0.00247EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/13 2:23 p.m.11 views

CVE-2023-33995 WordPress Photo Gallery by 10Web plugin <= 1.8.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.15...

4.3CVSS5.1AI score0.00498EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.4 views

PT-2024-12455 · 10Web · Photo Gallery

Name of the Vulnerable Software and Affected Versions: Photo Gallery by 10Web versions 1.8.15 and earlier Description: A broken access control vulnerability has been identified in the WordPress Photo Gallery by 10Web plugin. This issue allows exploiting incorrectly configured access control...

4.3CVSS7.1AI score0.00498EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/11/04 12:0 a.m.16 views

WordPress Photo Gallery by 10Web Plugin <= 1.8.30 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.30 Fixed in 1.8.31 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9878 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e0cf77477c6f Credits tmrswrr Require...

4.8CVSS5.8AI score0.00419EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2024/10/20 10:40 a.m.25 views

CVE-2024-49325 WordPress Photo Gallery Builder plugin <= 3.0 - Broken Access Control to Notice Dismissal vulnerability

Missing Authorization vulnerability in wpdiscover Photo Gallery Builder photo-gallery-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Photo Gallery Builder: from n/a through = 3.0...

4.3CVSS0.00409EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/17 12:0 a.m.16 views

WordPress Photo Gallery Builder Plugin <= 3.0 is vulnerable to Broken Access Control

Software Photo Gallery Builder Type Plugin Vulnerable versions = 3.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49325 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID db6c940f3de7 Credits Marek Mikita Required...

8.8CVSS6.6AI score0.00409EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder