Vulnerabilities > 10Web > Photo Gallery > 1.8.15

DATE | CVE | VULNERABILITY TITLE | RISK

2024-03-26 | CVE-2024-29809 | Unspecified vulnerability in 10Web Photo Gallery | 5.4
The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting.
network, low complexity, 10web

2024-03-26 | CVE-2024-29810 | Unspecified vulnerability in 10Web Photo Gallery | 5.4
The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting.
network, low complexity, 10web

2024-03-26 | CVE-2024-29832 | Unspecified vulnerability in 10Web Photo Gallery | 6.1
The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting.
network, low complexity, 10web

2024-03-26 | CVE-2024-29833 | Unspecified vulnerability in 10Web Photo Gallery | 5.4
The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag.
network, low complexity, 10web

2024-02-05 | CVE-2024-0221 | Path Traversal vulnerability in 10Web Photo Gallery | 7.2
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function.
network, low complexity, 10web, CWE-22

2024-01-11 | CVE-2023-6924 | Cross-site Scripting vulnerability in 10Web Photo Gallery | 4.8
The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes.
network, low complexity, 10web, CWE-79