| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2022-05-02 | CVE-2022-1281 | Unspecified vulnerability in 10Web Photo Gallery | The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible. | network, low complexity, 10web | critical 9.8 |
| 2022-03-14 | CVE-2022-0169 | Unspecified vulnerability in 10Web Photo Gallery | The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection. | network, low complexity, 10web | critical 9.8 |
| 2021-03-18 | CVE-2021-24139 | SQL Injection vulnerability in 10Web Photo Gallery | Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter. | network, low complexity, 10web, CWE-89 | critical 9.8 |
| 2019-09-08 | CVE-2019-16119 | SQL Injection vulnerability in 10Web Photo Gallery | SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. | network, low complexity, 10web, CWE-89 | critical 9.8 |
| 2019-07-30 | CVE-2019-14313 | SQL Injection vulnerability in 10Web Photo Gallery | A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. | network, low complexity, 10web, CWE-89 | critical 9.8 |