4 matches found
CVE-2022-0169
creationtimestamp| type| source ---|---|--- 2025-07-09 22:28:10+00:00| published-proof-of-concept| Telegram/dtptb166B4lscGqCF62eMyOZNDG3baUUdYM2x2kmFDN2pDo 2025-07-18 23:45:22+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/wpphotogallerysqli.rb...
WordPress Photo Gallery Plugin SQL Injection (CVE-2022-0169)
A SQL injection vulnerability exists in the WordPress Photo Gallery plugin. This vulnerability is due to an input validation error on the bwgtagidbwgthumbnails0 parameter...
CVE-2022-0169 Photo Gallery by 10Web < 1.6.0 - Unauthenticated SQL Injection
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwgtagidbwgthumbnails0 parameter before using it in a SQL statement via the bwgfrontenddata AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL injection...
CVE-2022-0169
The CVE concerns the WordPress plugin Photo Gallery by 10Web (versions before 1.6.0). The vulnerability is an SQL injection in admin-ajax.php via bwg_tag_id_bwg_thumbnails_0 in the bwg_frontend_data action, exploitable by unauthenticated users. Root cause: lack of validation/escaping of the bwg_t...