10web

Photo Gallery

49 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.27%
  • Published 07.06.2024 10:15:11
  • Last modified 21.11.2024 09:47:37

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escapi...

  • EPSS 0.67%
  • Published 07.06.2024 10:15:11
  • Last modified 21.11.2024 09:47:45

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste...

  • EPSS 0.16%
  • Published 29.04.2024 13:15:30
  • Last modified 06.03.2025 15:00:11

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web. This issue affects Photo Gallery by 10Web: from n/a through 1.8.20.

  • EPSS 0.15%
  • Published 18.04.2024 10:15:13
  • Last modified 06.03.2025 15:00:11

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS. This issue affects Photo Gallery by 10Web: from n/a through 1.8.21.

  • EPSS 0.13%
  • Published 06.04.2024 09:15:07
  • Last modified 06.03.2025 15:00:11

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping....

Exploit
  • EPSS 0.05%
  • Published 26.03.2024 16:15:13
  • Last modified 09.04.2025 15:42:02

The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace ...

Exploit
  • EPSS 0.13%
  • Published 26.03.2024 16:15:12
  • Last modified 09.04.2025 15:41:45

The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbit...

Exploit
  • EPSS 0.08%
  • Published 26.03.2024 16:15:12
  • Last modified 09.04.2025 15:41:36

The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitr...

Exploit
  • EPSS 0.08%
  • Published 26.03.2024 16:15:12
  • Last modified 01.04.2025 17:37:19

The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitr...

Exploit
  • EPSS 0.08%
  • Published 26.03.2024 16:15:12
  • Last modified 01.04.2025 17:44:53

The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrar...