Vulnerabilities > 10Web > Photo Gallery > 1.8.16
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-06 | CVE-2024-44043 | Cross-site Scripting vulnerability in 10Web Photo Gallery Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.27. | 4.8 |
| 2024-06-11 | CVE-2024-35628 | Unspecified vulnerability in 10Web Photo Gallery Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25. | 4.3 |
| 2024-04-29 | CVE-2024-33586 | Unspecified vulnerability in 10Web Photo Gallery Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20. | 5.3 |
| 2024-04-18 | CVE-2024-32583 | Unspecified vulnerability in 10Web Photo Gallery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21. | 6.1 |
| 2024-04-06 | CVE-2024-2296 | Unspecified vulnerability in 10Web Photo Gallery The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-03-26 | CVE-2024-29808 | Unspecified vulnerability in 10Web Photo Gallery The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. | 5.4 |
| 2024-03-26 | CVE-2024-29809 | Unspecified vulnerability in 10Web Photo Gallery The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. | 5.4 |
| 2024-03-26 | CVE-2024-29810 | Unspecified vulnerability in 10Web Photo Gallery The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. | 5.4 |
| 2024-03-26 | CVE-2024-29832 | Unspecified vulnerability in 10Web Photo Gallery The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. | 6.1 |
| 2024-03-26 | CVE-2024-29833 | Unspecified vulnerability in 10Web Photo Gallery The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. | 5.4 |