Vulnerabilities > 10Web > Photo Gallery > 1.8.18
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-05 | CVE-2024-9878 | Cross-site Scripting vulnerability in 10Web Photo Gallery The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-10-06 | CVE-2024-44043 | Cross-site Scripting vulnerability in 10Web Photo Gallery Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.27. | 4.8 |
| 2024-06-11 | CVE-2024-35628 | Unspecified vulnerability in 10Web Photo Gallery Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25. | 4.3 |
| 2024-06-07 | CVE-2024-5426 | Cross-site Scripting vulnerability in 10Web Photo Gallery The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-07 | CVE-2024-5481 | Path Traversal vulnerability in 10Web Photo Gallery The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. | 8.8 |
| 2024-04-29 | CVE-2024-33586 | Unspecified vulnerability in 10Web Photo Gallery Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20. | 5.3 |
| 2024-04-18 | CVE-2024-32583 | Unspecified vulnerability in 10Web Photo Gallery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21. | 6.1 |
| 2024-04-06 | CVE-2024-2296 | Unspecified vulnerability in 10Web Photo Gallery The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-03-26 | CVE-2024-29808 | Unspecified vulnerability in 10Web Photo Gallery The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. | 5.4 |
| 2024-03-26 | CVE-2024-29809 | Unspecified vulnerability in 10Web Photo Gallery The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. | 5.4 |