Photo Gallery Security Vulnerabilities and Issues — Photo Gallery CVE List

Lucene search

10webPhoto Gallery

11 matches found

cve•added 2020/02/08 5:15 p.m.•156 views

CVE-2015-1394

Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_sr...

5.4CVSS5.2AI score0.00293EPSS

cve•added 2019/08/09 2:15 p.m.•64 views

CVE-2019-14797

The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.

5.4CVSS5.4AI score0.00351EPSS

cve•added 2024/03/26 4:15 p.m.•63 views

CVE-2024-29809

The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The a...

5.4CVSS5.8AI score0.00062EPSS

cve•added 2024/04/06 9:15 a.m.•59 views

CVE-2024-2296

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke...

5.5CVSS5.6AI score0.00098EPSS

cve•added 2022/12/19 2:15 p.m.•58 views

CVE-2022-4058

The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.

5.4CVSS5.2AI score0.00103EPSS

cve•added 2024/04/29 1:15 p.m.•58 views

CVE-2024-33586

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20.

5.3CVSS6.8AI score0.00158EPSS

cve•added 2024/03/26 4:15 p.m.•54 views

CVE-2024-29808

The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The att...

5.4CVSS5.8AI score0.00062EPSS

cve•added 2024/03/26 4:15 p.m.•52 views

CVE-2024-29810

The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The a...

5.4CVSS5.8AI score0.00062EPSS

cve•added 2024/03/26 4:15 p.m.•51 views

CVE-2024-29833

The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an...

5.4CVSS5.3AI score0.00037EPSS

cve•added 2018/02/19 7:29 p.m.•46 views

CVE-2015-2324

Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS4.9AI score0.00116EPSS

cve•added 2024/10/06 12:15 p.m.•39 views

CVE-2024-44043

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.27.

5.9CVSS6.1AI score0.00062EPSS