10web

Photo Gallery

49 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2021-24363

Exploit
  • EPSS 0.35%
  • Published 16.08.2021 11:15:08
  • Last modified 21.11.2024 05:52:55

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path tra...

6.1

CVE-2021-24362

Exploit
  • EPSS 0.21%
  • Published 16.08.2021 11:15:07
  • Last modified 21.11.2024 05:52:55

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SV...

4.8

CVE-2021-24310

Exploit
  • EPSS 0.19%
  • Published 01.06.2021 14:15:08
  • Last modified 21.11.2024 05:52:49

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will ...

6.1

CVE-2021-24291

Exploit
  • EPSS 14.62%
  • Published 14.05.2021 12:15:08
  • Last modified 21.11.2024 05:52:46

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX acti...

9.8

CVE-2021-24139

  • EPSS 0.55%
  • Published 18.03.2021 15:15:14
  • Last modified 21.11.2024 05:52:26

Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.

4.8

CVE-2020-9335

  • EPSS 0.55%
  • Published 25.02.2020 17:15:13
  • Last modified 21.11.2024 05:40:25

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other user...

5.4

CVE-2015-1394

Exploit
  • EPSS 0.29%
  • Published 08.02.2020 17:15:11
  • Last modified 21.11.2024 02:25:20

Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clip...

9.8

CVE-2019-16119

  • EPSS 29.39%
  • Published 08.09.2019 23:15:10
  • Last modified 21.11.2024 04:30:05

SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.

6.1

CVE-2019-16118

  • EPSS 2.55%
  • Published 08.09.2019 23:15:10
  • Last modified 21.11.2024 04:30:05

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.

6.1

CVE-2019-16117

  • EPSS 1.65%
  • Published 08.09.2019 23:15:10
  • Last modified 21.11.2024 04:30:04

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.