10web

Photo Gallery

49 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2021-24363

Exploit
  • EPSS 0.35%
  • Veröffentlicht 16.08.2021 11:15:08
  • Zuletzt bearbeitet 21.11.2024 05:52:55

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path tra...

6.1

CVE-2021-24362

Exploit
  • EPSS 0.21%
  • Veröffentlicht 16.08.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 05:52:55

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SV...

4.8

CVE-2021-24310

Exploit
  • EPSS 0.19%
  • Veröffentlicht 01.06.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 05:52:49

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will ...

6.1

CVE-2021-24291

Exploit
  • EPSS 14.62%
  • Veröffentlicht 14.05.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 05:52:46

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX acti...

9.8

CVE-2021-24139

  • EPSS 0.55%
  • Veröffentlicht 18.03.2021 15:15:14
  • Zuletzt bearbeitet 21.11.2024 05:52:26

Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.

4.8

CVE-2020-9335

  • EPSS 0.55%
  • Veröffentlicht 25.02.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:40:25

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other user...

5.4

CVE-2015-1394

Exploit
  • EPSS 0.29%
  • Veröffentlicht 08.02.2020 17:15:11
  • Zuletzt bearbeitet 21.11.2024 02:25:20

Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clip...

9.8

CVE-2019-16119

  • EPSS 29.39%
  • Veröffentlicht 08.09.2019 23:15:10
  • Zuletzt bearbeitet 21.11.2024 04:30:05

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.

6.1

CVE-2019-16118

  • EPSS 2.55%
  • Veröffentlicht 08.09.2019 23:15:10
  • Zuletzt bearbeitet 21.11.2024 04:30:05

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.

6.1

CVE-2019-16117

  • EPSS 1.65%
  • Veröffentlicht 08.09.2019 23:15:10
  • Zuletzt bearbeitet 21.11.2024 04:30:04

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.