CVE-2026-1036

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

WordPress plugin “Photo Gallery” by 10Web – Mobile-Friendly Image Gallery security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-1036 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

CVE-2026-1036

CVE-2026-1036 (Photo Gallery by 10Web – WordPress) is confirmed in connected sources as a real vulnerability. The WordPress plugin is vulnerable to unauthorized modification of data via delete_comment(), due to a missing capability check. All versions up to and including 1.8.36 are affected. The ...

CVE-2026-1036 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

CVE-2026-1036

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

PT-2026-3881

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete comment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

[SECURITY] Fedora 42 Update: exiv2-0.28.6-2.fc42

A command line utility to access image metadata, allowing one to: print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag print the Iptc metadata of Jpeg images print the Jpeg comment of Jpeg images set, add and delete Exif and Iptc metadata of...

CVE-2025-0613

The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed...

CVE-2025-0613 Photo Gallery < 1.8.34 - Unauthenticated Stored XSS

The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed...

SUSE CVE-2008-1081

Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties...

Opera: Multiple vulnerabilities

Background Opera is a fast web browser that is available free of charge. Description Mozilla discovered that Opera does not handle input to file form fields properly, allowing scripts to manipulate the file path CVE-2008-1080. Max Leonov found out that image comments might be treated as scripts,...

Netscape Navigator 4.0.8 - &#039;about:&#039; Domain Information Disclosure

source: https://www.securityfocus.com/bid/2637/info Due to a flaw in Navigator's security code, all URLs in the about: protocol are considered to be part of the same domain. If arbitrary Javascript code is placed in a GIF's comment field, it is treated like a normal HTML page. The Javascript code...

Netscape Navigator 4.0.8 - about: Domain Information Disclosure

Netscape Navigator 4.0.8 - about: Domain Information Disclosure source: https://www.securityfocus.com/bid/2637/info Due to a flaw in Navigator's security code, all URLs in the about: protocol are considered to be part of the same domain. If arbitrary Javascript code is placed in a GIF's comment...