3 matches found
CVE-2019-14798
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
CVE-2019-14797
The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.
CVE-2015-9380
The photo-gallery plugin before 1.2.42 for WordPress has CSRF.