Product
10web photo gallery
63 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-8670
CVE-2025-0613
CVE-2024-13124
CVE-2023-33995
CVE-2024-10704
CVE-2024-9878
CVE-2024-5968
CVE-2024-44043
CVE-2024-37442
CVE-2024-35628
CVE-2024-5481
CVE-2024-5426
CVE-2024-33586
CVE-2024-32583
CVE-2024-2296
CVE-2024-29921
CVE-2024-29833
CVE-2024-29832
CVE-2024-29810
CVE-2024-29809
CVE-2024-29808
CVE-2024-0221
CVE-2023-6924
CVE-2023-39917
CVE-2023-32107
CVE-2023-2568
CVE-2021-46889
CVE-2023-1427
CVE-2022-4058
CVE-2021-31693
CVE-2021-36891
CVE-2022-1394
CVE-2022-1282
CVE-2022-1281
CVE-2022-0169
CVE-2021-25041
CVE-2021-24363
CVE-2021-24362
CVE-2021-24462
CVE-2021-24310
CVE-2021-24291
CVE-2021-24139
CVE-2020-9335
CVE-2015-1394
CVE-2019-16119
CVE-2019-16118
CVE-2019-16117
CVE-2015-9380
CVE-2016-10921
CVE-2016-10918
CVE-2019-14798
CVE-2019-14797
CVE-2019-14313
CVE-2015-2324
CVE-2014-9312
CVE-2017-12977
CVE-2015-1393
CVE-2015-1055
CVE-2008-6790
CVE-2008-6789
CVE-2008-6788
CVE-2008-6348
CVE-2006-3688
< 1.8.29
The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow hi
< 1.8.34
The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitise and escape comments added on images by unauthenticat
< 1.8.33
The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow hi
< 1.8.16
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access C
< 1.8.31
The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow hi
< 1.8.31
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a
< 1.8.28
The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, whi
< 1.8.28
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web
< 5.7.1
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery
< 1.8.26
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web. This issue affects Photo Gallery by 10Web: from n
< 1.8.24
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up
< 1.8.24
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t
< 1.8.21
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web. This issue affects Photo Gallery by 10Web: from n
< 1.8.22
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gal
< 1.8.22
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via S
< 1.15.17
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in supsystic Photo Gallery by S
< 1.8.22
The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross
< 1.8.22
The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Script
< 1.8.22
The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scrip
< 1.8.22
The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scrip
< 1.8.22
The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Script
< 1.8.20
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versio
<= 1.8.18
The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and in
<= 5.2.6
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays - Responsive Image Gallery plugin <= 5
< 5.1.4
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays - Responsive Image Gallery p
< 5.1.7
The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting them back in attributes, le
<= 1.5.69
The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters
< 1.8.15
The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder,
< 1.8.3
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back
<= 1.5.68
The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for
< 1.15.6
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the pl
< 1.6.4
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could a
< 1.6.3
The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is refl
<= 1.6.3
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to
< 1.6.0
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter be
< 1.5.68
The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg
< 1.5.75
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are k
< 1.5.75
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files a
< 4.4.4
The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays - Responsive Image Gallery WordPress plugin
< 1.5.67
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery ti
< 1.5.69
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site S
< 1.5.55
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via
< 1.5.46
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of th
< 1.2.11
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authentic
< 1.5.35
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Album
< 1.5.35
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controll
< 1.5.35
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/G
< 1.2.42
The photo-gallery plugin before 1.2.42 for WordPress has CSRF.
< 1.0.1
The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.
< 1.8.6
The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF.
< 1.5.25
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the w
< 1.5.23
The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.
< 1.5.31
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of thi
< 1.2.13
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote
all versions
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
<= 1.3.50
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerabili
<= 1.2.9
SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute a
all versions
SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL comma
all versions
The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a mod
all versions
SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the user
all versions
SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute
all versions
Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands
all versions
SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL co