Every CVE whose affected-product data names 10web Photo Gallery, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (49)
CVE-2021-24139 — CVSS 9.8 (critical): Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the…
CVE-2022-1281 — CVSS 9.8 (critical): The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL…
CVE-2022-0169 — CVSS 9.8 (critical): The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before…
CVE-2019-14313 — CVSS 9.8 (critical): A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this…
CVE-2019-16119 — CVSS 9.8 (critical): SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries…
CVE-2024-0221 — CVSS 9.1 (critical): The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up…
CVE-2015-1055 — CVSS 7.5 (high): SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via…
CVE-2017-12977 — CVSS 7.2 (high): The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability…
CVE-2024-32583 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by…
CVE-2024-5481 — CVSS 6.8 (medium): The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to…
CVE-2015-1393 — CVSS 6.5 (medium): SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary…
CVE-2024-5426 — CVSS 6.4 (medium): The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
CVE-2022-1282 — CVSS 6.1 (medium): The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected…
CVE-2019-16117 — CVSS 6.1 (medium): Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.p…
CVE-2019-16118 — CVSS 6.1 (medium): Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Option…
CVE-2021-24291 — CVSS 6.1 (medium): The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site…
CVE-2021-24362 — CVSS 6.1 (medium): The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to…
CVE-2021-25041 — CVSS 6.1 (medium): The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the…
CVE-2021-31693 — CVSS 6.1 (medium): The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for…
CVE-2021-46889 — CVSS 6.1 (medium): The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are…
CVE-2024-29832 — CVSS 6.1 (medium): The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The…
CVE-2025-0613 — CVSS 6.1 (medium): The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users…
CVE-2024-44043 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web…
CVE-2024-2296 — CVSS 5.5 (medium): The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file…
CVE-2022-4058 — CVSS 5.4 (medium): The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS…
CVE-2015-2324 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote…
CVE-2024-29808 — CVSS 5.4 (medium): The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The…
CVE-2024-29809 — CVSS 5.4 (medium): The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The…
CVE-2024-29810 — CVSS 5.4 (medium): The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The…
CVE-2015-1394 — CVSS 5.4 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated…
CVE-2024-29833 — CVSS 5.4 (medium): The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site…
CVE-2024-33586 — CVSS 5.3 (medium): Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a…
CVE-2021-24363 — CVSS 4.9 (medium): The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept…
CVE-2019-14798 — CVSS 4.9 (medium): The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the…
CVE-2023-1427 — CVSS 4.9 (medium): - The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing…
CVE-2021-24310 — CVSS 4.8 (medium): The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title…
CVE-2022-1394 — CVSS 4.8 (medium): The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high…
CVE-2024-10704 — CVSS 4.8 (medium): The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high…
CVE-2024-5968 — CVSS 4.8 (medium): The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could…
CVE-2024-8670 — CVSS 4.8 (medium): The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high…
CVE-2020-9335 — CVSS 4.8 (medium): Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this…
CVE-2023-6924 — CVSS 4.4 (medium): The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including…
CVE-2024-9878 — CVSS 4.4 (medium): The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin…
CVE-2023-33995 — CVSS 4.3 (medium): Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control…
CVE-2024-35628 — CVSS 4.3 (medium): Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a…
CVE-2024-13124 — CVSS 3.5 (low): The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high…