10web

Photo Gallery

55 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-9829

  • EPSS 0.33%
  • Veröffentlicht 06.06.2026 04:28:20
  • Zuletzt bearbeitet 08.06.2026 14:57:14

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compact_album_order_by' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on th...

6.5

CVE-2026-7048

  • EPSS 0.5%
  • Veröffentlicht 28.05.2026 07:43:42
  • Zuletzt bearbeitet 28.05.2026 13:45:25

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order_by' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplie...

4.3

CVE-2026-32330

  • EPSS 0.11%
  • Veröffentlicht 13.03.2026 11:41:55
  • Zuletzt bearbeitet 22.04.2026 21:30:26

Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37.

5.9

CVE-2026-27360

  • EPSS 0.2%
  • Veröffentlicht 19.02.2026 20:35:42
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.38.

5.3

CVE-2026-1036

  • EPSS 0.22%
  • Veröffentlicht 21.01.2026 23:23:27
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_comment() function in all versions up to, and including, 1.8.36. This m...

4.8

CVE-2024-8670

Exploit
  • EPSS 0.32%
  • Veröffentlicht 15.05.2025 20:15:59
  • Zuletzt bearbeitet 04.06.2025 20:08:00

The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability...

6.1

CVE-2025-2269

  • EPSS 0.22%
  • Veröffentlicht 11.04.2025 23:21:55
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘image_id’ parameter in all versions up to, and including, 1.8.34 due to insufficient input sanitization and outpu...

6.1

CVE-2025-0613

Exploit
  • EPSS 0.26%
  • Veröffentlicht 31.03.2025 06:15:29
  • Zuletzt bearbeitet 13.05.2025 13:29:46

The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed

3.5

CVE-2024-13124

Exploit
  • EPSS 0.23%
  • Veröffentlicht 24.03.2025 06:00:07
  • Zuletzt bearbeitet 13.05.2025 20:08:31

The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability...

4.3

CVE-2023-33995

  • EPSS 0.39%
  • Veröffentlicht 13.12.2024 15:15:14
  • Zuletzt bearbeitet 28.04.2026 19:20:39

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15.