Vulnerabilities > 10Web > Photo Gallery > 1.5.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-08 | CVE-2019-16118 | Cross-site Scripting vulnerability in 10Web Photo Gallery Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php. | 6.1 |
| 2019-09-08 | CVE-2019-16117 | Cross-site Scripting vulnerability in 10Web Photo Gallery Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php. | 6.1 |
| 2019-08-09 | CVE-2019-14798 | Path Traversal vulnerability in 10Web Photo Gallery The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. | 4.9 |
| 2019-08-09 | CVE-2019-14797 | Cross-site Scripting vulnerability in 10Web Photo Gallery The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. | 5.4 |
| 2019-07-30 | CVE-2019-14313 | SQL Injection vulnerability in 10Web Photo Gallery A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. | 9.8 |