Lucene search

10web Photo Gallery

5 matches found

CVE | added 2022/03/14 3:15 p.m. | 175 views

CVE-2022-0169

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injectio...

CVSS 9.8 | AI score 9.8 | EPSS 0.78719

CVE | added 2019/09/08 11:15 p.m. | 152 views

CVE-2019-16119

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.

CVSS 9.8 | AI score 9.8 | EPSS 0.29386

CVE | added 2022/05/02 4:15 p.m. | 80 views

CVE-2022-1281

The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.

CVSS 9.8 | AI score 9.8 | EPSS 0.224

CVE | added 2024/02/05 10:15 p.m. | 70 views

CVE-2024-0221

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead t...

CVSS 9.1 | AI score 7.3 | EPSS 0.01159

CVE | added 2021/03/18 3:15 p.m. | 62 views

CVE-2021-24139

Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.

CVSS 9.8 | AI score 9.8 | EPSS 0.00546