5 matches found
CVE-2021-46889
The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via themeid for bwgfrontenddata. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693...
CVE-2021-46889
The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via themeid for bwgfrontenddata. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693...
CVE-2021-46889
The CVE-2021-46889 entry concerns the WordPress Photo Gallery by 10Web plugin prior to version 1.5.69, which is vulnerable to cross-site scripting via the theme_id parameter in the bwg_frontend_data AJAX action. The linked technical detail (CVE-2021-24291) confirms multiple reflected XSS vectors ...
CVE-2021-31693
The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via albumgalleryid0, bwgalbumsearch0, and type0 for bwgfrontenddata. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID becau...
CVE-2021-31693
The WordPress plugin WordPress Photo Gallery by 10Web (before version 1.5.69) is affected by CVE-2021-31693 and related CVEs. Concrete details from connected documents show multiple reflected cross-site scripting vulnerabilities via GET parameters gallery_id, tag, album_id, and theme_id passed to...