Photo Gallery Security Vulnerabilities and Issues — Photo Gallery CVE List

Lucene search

10webPhoto Gallery

7 matches found

CVE•added 2019/09/08 11:15 p.m.•152 views

CVE-2019-16119

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.

9.8CVSS9.8AI score0.27461EPSS

CVE•added 2019/09/08 11:15 p.m.•141 views

CVE-2019-16118

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.

6.1CVSS6.1AI score0.02707EPSS

CVE•added 2019/09/08 11:15 p.m.•133 views

CVE-2019-16117

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.

6.1CVSS5.5AI score0.01799EPSS

CVE•added 2019/07/30 6:15 p.m.•89 views

CVE-2019-14313

A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.

10CVSS9.8AI score0.0414EPSS

CVE•added 2019/08/09 2:15 p.m.•69 views

CVE-2019-14798

The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.

4.9CVSS5.2AI score0.00727EPSS

CVE•added 2019/08/09 2:15 p.m.•64 views

CVE-2019-14797

The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.

5.4CVSS5.4AI score0.00351EPSS

CVE•added 2019/08/30 1:15 p.m.•59 views

CVE-2015-9380

The photo-gallery plugin before 1.2.42 for WordPress has CSRF.

8.8CVSS8.7AI score0.00222EPSS