CVE-2026-49771

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

CVE-2026-49771 WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

CVE-2026-49771 WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

EUVD-2026-34240

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

CVE-2026-49771

Summary of CVE-2026-49771 : The WordPress Photo Gallery by 10Web plugin (versions up to 1.8.41) is affected by an SQL Injection vulnerability due to improper neutralization of special elements. The issue enables blind SQL injection. Details in connected documents specify the affected product and ...

WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Photo Gallery by 10Web versions = 1.8.41...

WordPress Gallery <2.0.0 - Cross-Site Scripting

WordPress Gallery plugin before 2.0.0 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, available to both unauthenticated and authenticated users. id: CVE-2022-1946 info: name: WordPres...

Art Gallery Management System Project v1.0 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. id: CVE-2023-23161 info: name: Art...

WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting

WordPress Photo Gallery by 10Web plugin before 1.5.69 contains multiple reflected cross-site scripting vulnerabilities via the galleryid, tag, albumid and themeid GET parameters passed to the bwgfrontenddata AJAX action, available to both unauthenticated and authenticated users. id: CVE-2021-2429...

NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure

The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getitem function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data includi...

WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting

The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the album's name before outputting it in pages or posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting XSS attacks even when the unfiltered-html capabilit...

Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion

Joomla! Omilen Photo Gallery comomphotogallery component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. id: CVE-2009-4202 info: name: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion...

Gallery Photoblocks < 1.1.43 - Cross-Site Scripting

The Gallery PhotoBlocks WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. id: CVE-2019-15829 info: name: Gallery Photoblocks 1.1.43 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The Gallery PhotoBlocks WordPress plugin was affected by...

10Web Photo Gallery < 1.5.55 - SQL Injection

WordPress plugin 10Web Photo Gallery versions before 1.5.55 contains a SQL injection caused by unvalidated input in the 'bwgsearchx' parameter in frontend/models/model.php, letting attackers execute arbitrary SQL commands, exploit requires attacker to control the 'bwgsearchx' parameter. id:...

Contest Gallery - Broken Access Control

Contest Gallery from n/a through 23.1.2 contains an exposure of sensitive information to an unauthorized actor caused by insufficient access controls, letting attackers access sensitive data, exploit requires no specific conditions. id: CVE-2024-43283 info: name: Contest Gallery - Broken Access...

WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting

WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via playlist.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

PT-2026-46174

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

WordPress zm-gallery plugin 1.0 SQL Injection

zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection via the order parameter. id: CVE-2016-10940 info: name: WordPress zm-gallery plugin 1.0 SQL Injection author: cckuailong,daffainfo severity: high description: zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection vi...

CVE-2026-5191

The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

WordPress WP Video Gallery <=1.7.1 - SQL Injection

WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...