Lucene search
K

198 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-49771

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

7.6CVSS5.6AI score0.00227EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 10:16 a.m.12 views

CVE-2026-49771

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

7.6CVSS0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 9:49 a.m.37 views

CVE-2026-49771 WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

7.6CVSS0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 9:49 a.m.21 views

CVE-2026-49771

Summary of CVE-2026-49771 : The WordPress Photo Gallery by 10Web plugin (versions up to 1.8.41) is affected by an SQL Injection vulnerability due to improper neutralization of special elements. The issue enables blind SQL injection. Details in connected documents specify the affected product and ...

7.6CVSS5.8AI score0.00227EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 9:49 a.m.11 views

EUVD-2026-34240

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

7.6CVSS5.8AI score0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 9:49 a.m.9 views

CVE-2026-49771 WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

7.6CVSS5.8AI score0.00227EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 9:49 a.m.5 views

CVE-2026-49771

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...

7.6CVSS5.8AI score0.00227EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/04 9:48 a.m.11 views

WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Photo Gallery by 10Web versions = 1.8.41...

7.6CVSS5.9AI score0.00227EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46174

Name of the Vulnerable Software and Affected Versions 10Web Photo Gallery versions prior to 1.8.42 Description Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return the resul...

7.6CVSS5.7AI score0.00227EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/28 7:43 a.m.31 views

CVE-2026-7048 Photo Gallery by 10Web <= 1.8.40 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

6.5CVSS0.00504EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:43 a.m.14 views

CVE-2026-7048

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

6.5CVSS5.9AI score0.00504EPSS
Exploits0References11
EUVD
EUVD
added 2026/05/28 7:43 a.m.57 views

EUVD-2026-32744

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

6.5CVSS5.9AI score0.00504EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/28 7:43 a.m.12 views

CVE-2026-7048 Photo Gallery by 10Web <= 1.8.40 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

6.5CVSS5.9AI score0.00504EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44217

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order by' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...

6.5CVSS5.9AI score0.00504EPSS
Exploits0References11
Patchstack
Patchstack
added 2026/05/27 7:36 p.m.22 views

WordPress Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin <= 1.8.40 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Or Benit - MadSec in WordPress Plugin Photo Gallery by 10Web versions = 1.8.40...

6.5CVSS5.9AI score0.00504EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/05 4:19 p.m.6 views

WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.42 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by type5afe in WordPress Plugin Form Maker by 10Web versions = 1.15.42...

7.5CVSS5.9AI score0.00358EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/05/05 9:31 a.m.7 views

EUVD-2026-27240

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5CVSS5.9AI score0.00358EPSS
Exploits1References3
NVD
NVD
added 2026/05/05 9:16 a.m.10 views

CVE-2026-3359

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5CVSS0.00358EPSS
Exploits1References2
CVE
CVE
added 2026/05/05 7:42 a.m.23 views

CVE-2026-3359

The CVE-2026-3359 entry concerns the WordPress plugin Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder. Affected component: the inputs parameter used in SQL queries. Root cause: insufficient escaping and lack of adequate query preparation, allowing unauthenticated attackers ...

7.5CVSS5.9AI score0.00358EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/05 7:42 a.m.6 views

CVE-2026-3359 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs'

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5CVSS5.9AI score0.00358EPSS
Exploits1References2
Rows per page
Query Builder