Vulnerabilites related to 10web - photo_gallery
Vulnerability from fkie_nvd
Published
2017-08-21 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/jgj212/Advisories/blob/master/photo-gallery.1.3.50-SQL | Third Party Advisory | |
| cve@mitre.org | https://wordpress.org/plugins/photo-gallery/#developers | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jgj212/Advisories/blob/master/photo-gallery.1.3.50-SQL | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/photo-gallery/#developers | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1AFD1FF6-9EA4-469A-8933-8C9358C0E75E",
"versionEndIncluding": "1.3.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web-Dorado \"Photo Gallery by WD - Responsive Photo Gallery\" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter."
},
{
"lang": "es",
"value": "El plugin \"Photo Gallery by WD - Responsive Photo Gallery\" de Web-Dorado en su versi\u00f3n 1.3.51 para WordPress tiene una vulnerabilidad de inyecci\u00f3n SQL que afecta a bwg_edit_tag() en photo-gallery.php y a edit_tag() en admin/controllers/BWGControllerTags_bwg.php. Los administradores lo podr\u00edan explotar mediante el par\u00e1metro tag_id."
}
],
"id": "CVE-2017-12977",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-21T01:29:00.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jgj212/Advisories/blob/master/photo-gallery.1.3.50-SQL"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jgj212/Advisories/blob/master/photo-gallery.1.3.50-SQL"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-26 16:15
Modified
2025-04-09 15:42
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "58CE3C46-F773-4577-8A00-83AB7A8442C6",
"versionEndExcluding": "1.8.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users."
},
{
"lang": "es",
"value": "El componente de carga de im\u00e1genes permite archivos SVG y la expresi\u00f3n regular utilizada para eliminar etiquetas de script se puede omitir mediante el uso de un payload de Cross Site Scripting que no coincide con la expresi\u00f3n regular; un ejemplo de esto es la inclusi\u00f3n de espacios en blanco dentro de la etiqueta del script. Un atacante debe apuntar a un usuario autenticado con permisos para acceder a esta funci\u00f3n; sin embargo, una vez cargada, el payload tambi\u00e9n es accesible para usuarios no autenticados."
}
],
"id": "CVE-2024-29833",
"lastModified": "2025-04-09T15:42:02.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "info@appcheck-ng.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-26T16:15:13.063",
"references": [
{
"source": "info@appcheck-ng.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"source": "info@appcheck-ng.com",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"sourceIdentifier": "info@appcheck-ng.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "info@appcheck-ng.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-01 14:15
Modified
2024-11-21 05:52
Severity ?
Summary
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "70A1E6F4-4538-4B48-BDEB-3150451DFC51",
"versionEndExcluding": "1.5.67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117"
},
{
"lang": "es",
"value": "El plugin de WordPress Photo Gallery by 10Web - Mobile-Friendly Image Gallery versiones anteriores a 1.5.67, no saneaba apropiadamente el t\u00edtulo de la galer\u00eda, permitiendo a usuarios muy privilegiados crear uno con carga \u00fatil de tipo XSS, el cual se desencadenar\u00e1 cuando otro usuario visualice la lista de la galer\u00eda o la galer\u00eda afectada en el panel de administraci\u00f3n. Esto es debido a una correci\u00f3n incompleta de CVE-2019-16117"
}
],
"id": "CVE-2021-24310",
"lastModified": "2024-11-21T05:52:49.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-01T14:15:08.823",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-16 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | 1.2.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:1.2.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "40C97375-7FD3-44F8-BB4D-DCEDC92743E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el plugin Photo Gallery 1.2.7 para WordPress permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro order_by en una acci\u00f3n GalleryBox en wp-admin/admin-ajax.php."
}
],
"id": "CVE-2015-1055",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-16T15:59:05.030",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/36"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/72015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72015"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-16 11:15
Modified
2024-11-21 05:52
Severity ?
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly (ie in the /wp-content/uploads/photo-gallery/ folder), leading to a Cross-Site Scripting (XSS) issue
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/57823dcb-2149-47f7-aae2-d9f04dce851a | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/57823dcb-2149-47f7-aae2-d9f04dce851a | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D07C4188-B7D7-4DF7-ADF1-B1088C5B3147",
"versionEndExcluding": "1.5.75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly (ie in the /wp-content/uploads/photo-gallery/ folder), leading to a Cross-Site Scripting (XSS) issue"
},
{
"lang": "es",
"value": "El plugin de WordPress Photo Gallery by 10Web - Mobile-Friendly Image Gallery versiones anteriores a 1.5.75, no aseguraba que los archivos SVG cargados y a\u00f1adidos a una galer\u00eda no contuvieran contenido malicioso. Como resultado, unos usuarios autorizados a a\u00f1adir im\u00e1genes a la galer\u00eda pueden subir un archivo SVG que contenga c\u00f3digo JavaScript, que ser\u00e1 ejecutado cuando se acceda a la imagen directamente (es decir, en la carpeta /wp-content/uploads/photo-gallery/), conllevando a un problema de tipo Cross-Site Scripting (XSS)"
}
],
"id": "CVE-2021-24362",
"lastModified": "2024-11-21T05:52:55.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-16T11:15:07.857",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/57823dcb-2149-47f7-aae2-d9f04dce851a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/57823dcb-2149-47f7-aae2-d9f04dce851a"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-07 10:15
Modified
2024-11-21 09:47
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure Photo Gallery can be extended to contributors on pro versions of the plugin.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "974320E7-18AE-4738-BE29-52AF8BDA52EE",
"versionEndExcluding": "1.8.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018svg\u2019 parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure Photo Gallery can be extended to contributors on pro versions of the plugin."
},
{
"lang": "es",
"value": "El complemento Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro \u0027svg\u0027 en todas las versiones hasta la 1.8.23 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. De forma predeterminada, esto solo puede ser aprovechado por los administradores, pero la capacidad de usar y configurar la Galer\u00eda fotogr\u00e1fica se puede extender a los contribuyentes en las versiones profesionales del complemento."
}
],
"id": "CVE-2024-5426",
"lastModified": "2024-11-21T09:47:37.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-07T10:15:11.627",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/UploadHandler.php#L521"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/UploadHandler.php#L542"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3098798/"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/13436238-f14a-445b-9a9b-fbcf23b7b498?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/UploadHandler.php#L521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/UploadHandler.php#L542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3098798/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/13436238-f14a-445b-9a9b-fbcf23b7b498?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-06 09:15
Modified
2025-03-06 16:06
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "58CE3C46-F773-4577-8A00-83AB7A8442C6",
"versionEndExcluding": "1.8.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
},
{
"lang": "es",
"value": "El complemento Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de cargas de archivos SVG en todas las versiones hasta la 1.8.21 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso a nivel de administrador, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"id": "CVE-2024-2296",
"lastModified": "2025-03-06T16:06:41.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-06T09:15:07.883",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3058445%40photo-gallery\u0026new=3058445%40photo-gallery\u0026sfp_email=\u0026sfph_mail="
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/994a044d-db69-4f2d-9027-cf3665446ed3?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3058445%40photo-gallery\u0026new=3058445%40photo-gallery\u0026sfp_email=\u0026sfph_mail="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/994a044d-db69-4f2d-9027-cf3665446ed3?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-08 23:15
Modified
2024-11-21 04:30
Severity ?
Summary
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "2E60198F-76D7-43B9-8513-3653D5A9835A",
"versionEndExcluding": "1.5.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php."
},
{
"lang": "es",
"value": "Secuencias de comandos de sitios cruzados (XSS) en el plugin de galer\u00eda de fotos (10Web Photo Gallery) anterior de la versi\u00f3n 1.5.35 para WordPress existe a trav\u00e9s de admin / controllers / Options.php."
}
],
"id": "CVE-2019-16118",
"lastModified": "2024-11-21T04:30:05.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-08T23:15:10.140",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Options.php?old=2142624\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FOptions.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/js/bwg.js?old=2135029\u0026old_path=photo-gallery%2Ftrunk%2Fjs%2Fbwg.js"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Options.php?old=2142624\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FOptions.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/js/bwg.js?old=2135029\u0026old_path=photo-gallery%2Ftrunk%2Fjs%2Fbwg.js"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9872"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-16 11:15
Modified
2024-11-21 05:52
Severity ?
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/1628935f-1d7d-4609-b7a9-e5526499c974 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/1628935f-1d7d-4609-b7a9-e5526499c974 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D07C4188-B7D7-4DF7-ADF1-B1088C5B3147",
"versionEndExcluding": "1.5.75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector"
},
{
"lang": "es",
"value": "El plugin de WordPress Photo Gallery by 10Web - Mobile-Friendly Image Gallery versiones anteriores a 1.5.75, no aseguraba que los archivos subidos se mantuvieran dentro de su carpeta uploads, permitiendo a usuarios con altos privilegios poner im\u00e1genes/SVG en cualquier parte del sistema de archivos por medio de un vector de salto de ruta."
}
],
"id": "CVE-2021-24363",
"lastModified": "2024-11-21T05:52:55.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-16T11:15:08.000",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/1628935f-1d7d-4609-b7a9-e5526499c974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/1628935f-1d7d-4609-b7a9-e5526499c974"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "contact@wpscan.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-29 06:15
Modified
2025-05-07 00:07
Severity ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/6c115117-11c0-4c9e-9988-8547c9364c01/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9F46FE72-6A51-4652-B150-FE2009752353",
"versionEndExcluding": "1.8.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
},
{
"lang": "es",
"value": "El complemento Photo Gallery de 10Web para WordPress anterior a la versi\u00f3n 1.8.31 no desinfecta ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir que usuarios con privilegios elevados como el administrador realicen ataques de Cross-Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios)."
}
],
"id": "CVE-2024-10704",
"lastModified": "2025-05-07T00:07:12.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-29T06:15:06.423",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/6c115117-11c0-4c9e-9988-8547c9364c01/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-07 10:15
Modified
2024-11-21 09:47
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "974320E7-18AE-4738-BE29-52AF8BDA52EE",
"versionEndExcluding": "1.8.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors."
},
{
"lang": "es",
"value": "El complemento Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery para WordPress es vulnerable a Path Traversal en todas las versiones hasta la 1.8.23 incluida a trav\u00e9s de la funci\u00f3n esc_dir. Esto hace posible que atacantes autenticados corten y peguen (copien) el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial, y corten (eliminen) directorios arbitrarios, incluido el directorio ra\u00edz de WordPress. De forma predeterminada, esto s\u00f3lo puede ser aprovechado por los administradores. En la versi\u00f3n premium del complemento, los administradores pueden otorgar permisos de edici\u00f3n de la galer\u00eda a usuarios de niveles inferiores, lo que podr\u00eda hacer que esto sea explotable por usuarios tan bajos como contribuyentes."
}
],
"id": "CVE-2024-5481",
"lastModified": "2024-11-21T09:47:45.877",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-07T10:15:11.827",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L178"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L436"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L512"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3098798/"
},
{
"source": "security@wordfence.com",
"tags": [
"Product",
"Release Notes"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3098798/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Release Notes"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-30 13:15
Modified
2024-11-21 02:40
Severity ?
Summary
The photo-gallery plugin before 1.2.42 for WordPress has CSRF.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://wordpress.org/plugins/photo-gallery/#developers | Product, Third Party Advisory | |
| cve@mitre.org | https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable/ | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://wpvulndb.com/vulnerabilities/7225 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/photo-gallery/#developers | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable/ | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpvulndb.com/vulnerabilities/7225 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "2EFBA0A5-C377-4521-B30C-59752CE1B381",
"versionEndExcluding": "1.2.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The photo-gallery plugin before 1.2.42 for WordPress has CSRF."
},
{
"lang": "es",
"value": "El plugin photo-gallery anterior a la versi\u00f3n 1.2.42 para WordPress tiene CSRF."
}
],
"id": "CVE-2015-9380",
"lastModified": "2024-11-21T02:40:29.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-30T13:15:11.170",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/7225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/7225"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-06 16:15
Modified
2024-11-21 05:54
Severity ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://plugins.trac.wordpress.org/changeset/2467205 | Patch, Third Party Advisory | |
| contact@wpscan.com | https://wpscan.com/vulnerability/32aee3ea-e0af-44da-a16c-102c83eaed8f | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://plugins.trac.wordpress.org/changeset/2467205 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/32aee3ea-e0af-44da-a16c-102c83eaed8f | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "12AD1A02-8395-4255-AA00-E6B7E472C754",
"versionEndExcluding": "1.5.68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action"
},
{
"lang": "es",
"value": "El plugin Photo Gallery by 10Web de WordPress versiones anteriores a 1.5.68, es vulnerable a problemas de tipo Cross-Site Scripting (XSS) Reflejado por medio de los par\u00e1metros GET bwg_album_breadcrumb_0 y shortcode_id pasados a la acci\u00f3n AJAX bwg_frontend_data"
}
],
"id": "CVE-2021-25041",
"lastModified": "2024-11-21T05:54:14.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-06T16:15:08.660",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/2467205"
},
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/32aee3ea-e0af-44da-a16c-102c83eaed8f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/2467205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/32aee3ea-e0af-44da-a16c-102c83eaed8f"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-02 16:15
Modified
2024-11-21 06:40
Severity ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EB372C7D-A626-46E2-8E01-89C6D2AF5C74",
"versionEndExcluding": "1.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET[\u0027image_url\u0027] variable, which is reflected back to the users when executing the editimage_bwg AJAX action."
},
{
"lang": "es",
"value": "El plugin Photo Gallery by 10Web de WordPress versiones anteriores a 1.6.3, no sanea apropiadamente la variable $_GET[\"image_url\"], que es reflejada en usuarios cuando es ejecutada la acci\u00f3n AJAX editimage_bwg"
}
],
"id": "CVE-2022-1282",
"lastModified": "2024-11-21T06:40:24.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-02T16:15:09.133",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2706798%40photo-gallery\u0026old=2694928%40photo-gallery\u0026sfp_email=\u0026sfph_mail="
},
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/37a58f4e-d2bc-4825-8e1b-4aaf0a1cf1b6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2706798%40photo-gallery\u0026old=2694928%40photo-gallery\u0026sfp_email=\u0026sfph_mail="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/37a58f4e-d2bc-4825-8e1b-4aaf0a1cf1b6"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-05 22:15
Modified
2024-11-21 08:46
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "66A6F0D1-8EBF-4862-9BAF-DDCB55232FCE",
"versionEndExcluding": "1.8.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors."
},
{
"lang": "es",
"value": "El complemento Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 1.8.19 incluida, a trav\u00e9s de la funci\u00f3n rename_item. Esto hace posible que atacantes autenticados cambien el nombre de archivos arbitrarios en el servidor. Esto puede provocar adquisiciones de sitios si se puede cambiar el nombre del archivo wp-config.php de un sitio. De forma predeterminada, esto s\u00f3lo puede ser aprovechado por los administradores. En la versi\u00f3n premium del complemento, los administradores pueden otorgar permisos de administraci\u00f3n de la galer\u00eda a usuarios de niveles inferiores, lo que podr\u00eda hacer que esto sea explotable por usuarios tan bajos como los contribuyentes."
}
],
"id": "CVE-2024-0221",
"lastModified": "2024-11-21T08:46:05.567",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-05T22:15:59.297",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L291"
},
{
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L441"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3022981%40photo-gallery%2Ftrunk\u0026old=3013021%40photo-gallery%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
},
{
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3022981%40photo-gallery%2Ftrunk\u0026old=3013021%40photo-gallery%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-19 14:15
Modified
2024-11-21 07:34
Severity ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "32E0F285-25BF-44DE-A0CB-1F160BE55385",
"versionEndExcluding": "1.8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control."
},
{
"lang": "es",
"value": "El complemento Photo Gallery de 10Web para WordPress anterior a 1.8.3 no valida ni escapa algunos par\u00e1metros antes de volver a generarlos en c\u00f3digo JS m\u00e1s adelante en otra p\u00e1gina, lo que podr\u00eda provocar un problema de XSS almacenado cuando un atacante hace que un administrador que ha iniciado sesi\u00f3n abra un archivo malicioso, URL o p\u00e1gina bajo su control."
}
],
"id": "CVE-2022-4058",
"lastModified": "2024-11-21T07:34:31.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-19T14:15:11.920",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified"
}
Vulnerability from fkie_nvd
Published
2024-03-26 16:15
Modified
2025-04-09 15:41
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No authentication is required to exploit this issue.
Note that other parameters within a AJAX call, such as image_id, must be valid for this vulnerability to be successfully exploited.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "58CE3C46-F773-4577-8A00-83AB7A8442C6",
"versionEndExcluding": "1.8.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No authentication is required to exploit this issue.\nNote that other parameters within a AJAX call, such as image_id, must be valid for this vulnerability to be successfully exploited."
},
{
"lang": "es",
"value": "El par\u00e1metro current_url de la llamada AJAX a la acci\u00f3n GalleryBox de admin-ajax.php es vulnerable al Cross Site Scripting reflejado. El valor del par\u00e1metro current_url est\u00e1 incrustado dentro de un JavaScript existente dentro de la respuesta, lo que permite insertar y ejecutar JavaScript arbitrario. No se requiere autenticaci\u00f3n para aprovechar este problema. Tenga en cuenta que otros par\u00e1metros dentro de una llamada AJAX, como image_id, deben ser v\u00e1lidos para que esta vulnerabilidad se aproveche con \u00e9xito."
}
],
"id": "CVE-2024-29832",
"lastModified": "2025-04-09T15:41:45.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "info@appcheck-ng.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-26T16:15:12.890",
"references": [
{
"source": "info@appcheck-ng.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"source": "info@appcheck-ng.com",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"sourceIdentifier": "info@appcheck-ng.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "info@appcheck-ng.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-19 19:29
Modified
2024-11-21 02:27
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://fortiguard.com/zeroday/FG-VD-15-009 | Third Party Advisory | |
| cve@mitre.org | https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt | Product, Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/zeroday/FG-VD-15-009 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt | Product, Release Notes |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F06A8283-48C2-44E8-91A1-9837AF3D426D",
"versionEndExcluding": "1.2.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en filemanager en las versiones anteriores a la 1.2.13 del plugin Photo Gallery para WordPress permite que los usuarios autenticados remotos con permiso de edici\u00f3n inyecten scripts web o HTML arbitrarios mediante vectores no especificados."
}
],
"id": "CVE-2015-2324",
"lastModified": "2024-11-21T02:27:13.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-19T19:29:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-009"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
],
"url": "https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Release Notes"
],
"url": "https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-29 13:15
Modified
2025-03-06 15:55
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "AD0405E3-FD18-4494-BA14-75CF442735F0",
"versionEndExcluding": "1.8.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Photo Gallery Team Photo Gallery de 10Web. Este problema afecta a Photo Gallery de 10Web: desde n/a hasta 1.8.20."
}
],
"id": "CVE-2024-33586",
"lastModified": "2025-03-06T15:55:21.983",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-29T13:15:30.820",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-20-broken-access-control-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-20-broken-access-control-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "audit@patchstack.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-13 15:15
Modified
2025-03-06 16:13
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "CCE53A83-7654-4044-855A-B676C73D7B91",
"versionEndExcluding": "1.8.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Photo Gallery Team Photo Gallery by 10Web permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Photo Gallery de 10Web: desde n/a hasta 1.8.15."
}
],
"id": "CVE-2023-33995",
"lastModified": "2025-03-06T16:13:56.413",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-13T15:15:14.100",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/wordpress/plugin/photo-gallery/vulnerability/wordpress-photo-gallery-by-10web-plugin-1-8-15-broken-access-control-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "audit@patchstack.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-30 18:15
Modified
2024-11-21 04:26
Severity ?
Summary
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "65A6476E-3369-46E2-9D79-7B2A758FC90B",
"versionEndExcluding": "1.5.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de inyecci\u00f3n SQL en el plugin 10Web Photo Gallery anterior a versi\u00f3n 1.5.31 para WordPress. La explotaci\u00f3n con \u00e9xito de esta vulnerabilidad permitir\u00eda a un atacante remoto ejecutar comandos SQL arbitrarios en el sistema afectado por medio del archivo filemanager/model.php."
}
],
"id": "CVE-2019-14313",
"lastModified": "2024-11-21T04:26:28.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-30T18:15:16.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-101"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2128378"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2128378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9480"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-14 15:15
Modified
2024-11-21 06:38
Severity ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://plugins.trac.wordpress.org/changeset/2672822/photo-gallery#file9 | Patch, Release Notes, Third Party Advisory | |
| contact@wpscan.com | https://wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709c | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://plugins.trac.wordpress.org/changeset/2672822/photo-gallery#file9 | Patch, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709c | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "78E10837-43D8-4EB9-B851-4454B231ECAF",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection"
},
{
"lang": "es",
"value": "El plugin Photo Gallery by 10Web de WordPress versiones anteriores a 1.6.0, no comprueba ni escapa del par\u00e1metro bwg_tag_id_bwg_thumbnails_0 antes de usarlo en una sentencia SQL por medio de la acci\u00f3n AJAX bwg_frontend_data (disponible para usuarios autenticados y no autenticados), conllevando a una inyecci\u00f3n SQL no autenticada"
}
],
"id": "CVE-2022-0169",
"lastModified": "2024-11-21T06:38:03.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-14T15:15:09.570",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/2672822/photo-gallery#file9"
},
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/2672822/photo-gallery#file9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709c"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "contact@wpscan.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-11 09:15
Modified
2025-06-03 14:15
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It can also be exploited with a contributor-level permission with a page builder plugin.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "10B19669-9D27-48C6-8C4E-A88EB50F5EB4",
"versionEndIncluding": "1.8.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It can also be exploited with a contributor-level permission with a page builder plugin."
},
{
"lang": "es",
"value": "El complemento Photo Gallery de 10Web para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de widgets en versiones hasta la 1.8.18 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de administrador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Tambi\u00e9n se puede explotar con un permiso de nivel de colaborador con un complemento de creaci\u00f3n de p\u00e1ginas."
}
],
"id": "CVE-2023-6924",
"lastModified": "2025-06-03T14:15:41.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-11T09:15:53.253",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/Widget.php#L94"
},
{
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/WidgetSlideshow.php#L64"
},
{
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/WidgetTags.php#L58"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3013021/photo-gallery"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21b4d1a1-55fe-4241-820c-203991d724c4?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/Widget.php#L94"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/WidgetSlideshow.php#L64"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/WidgetTags.php#L58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3013021/photo-gallery"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21b4d1a1-55fe-4241-820c-203991d724c4?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-02 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "73F8040E-CFA9-4B34-B209-2E35A597DDCE",
"versionEndIncluding": "1.2.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el plugin Photo Gallery anterior a 1.2.11 para WordPress permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro asc_or_desc en una solicitud para crear galer\u00eda en la p\u00e1gina galleries_bwg en wp-admin/admin.php."
}
],
"id": "CVE-2015-1393",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-02T15:59:07.160",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534569/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534569/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-26 16:15
Modified
2025-04-01 17:37
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "58CE3C46-F773-4577-8A00-83AB7A8442C6",
"versionEndExcluding": "1.8.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue."
},
{
"lang": "es",
"value": "El par\u00e1metro image_url de la llamada AJAX a la acci\u00f3n editimage_bwg de admin-ajax.php es vulnerable al Cross Site Scripting reflejado. El valor del par\u00e1metro image_url est\u00e1 incrustado dentro de un JavaScript existente dentro de la respuesta, lo que permite insertar y ejecutar JavaScript arbitrario. El atacante debe apuntar a un usuario autenticado con permisos para acceder a este componente para aprovechar este problema."
}
],
"id": "CVE-2024-29809",
"lastModified": "2025-04-01T17:37:19.677",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "info@appcheck-ng.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-26T16:15:12.520",
"references": [
{
"source": "info@appcheck-ng.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"source": "info@appcheck-ng.com",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"sourceIdentifier": "info@appcheck-ng.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "info@appcheck-ng.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-08 10:15
Modified
2024-11-21 06:40
Severity ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/f7a0df37-3204-4926-84ec-2204a2f22de3 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/f7a0df37-3204-4926-84ec-2204a2f22de3 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1CEDD8CE-F7A7-4665-AFE9-D3EEC67E4095",
"versionEndExcluding": "1.6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed"
},
{
"lang": "es",
"value": "El plugin Photo Gallery by 10Web de WordPress versiones anteriores a 1.6.4, no comprueba ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como los administradores, llevar a cabo ataques de tipo Cross-Site Scripting cuando unfiltered_html no est\u00e1 permitido"
}
],
"id": "CVE-2022-1394",
"lastModified": "2024-11-21T06:40:38.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-08T10:15:09.347",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/f7a0df37-3204-4926-84ec-2204a2f22de3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/f7a0df37-3204-4926-84ec-2204a2f22de3"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-06 12:15
Modified
2025-03-06 16:18
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.27.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "74ABBD36-1A8A-42A8-A762-537565AFD306",
"versionEndExcluding": "1.8.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.27."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o \u0027Cross-site Scripting\u0027) en 10Web Photo Gallery de 10Web permite XSS almacenado. Este problema afecta a 10Web Photo Gallery: desde n/a hasta 1.8.27."
}
],
"id": "CVE-2024-44043",
"lastModified": "2025-03-06T16:18:59.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-06T12:15:04.407",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-mobile-friendly-image-gallery-plugin-1-8-27-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "audit@patchstack.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-08 23:15
Modified
2024-11-21 04:30
Severity ?
Summary
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "2E60198F-76D7-43B9-8513-3653D5A9835A",
"versionEndExcluding": "1.5.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter."
},
{
"lang": "es",
"value": "La inyecci\u00f3n SQL en el plugin de galer\u00eda de fotos (10Web Photo Gallery) en versiones anteriores a la 1.5.35 para WordPress existe a trav\u00e9s del par\u00e1metro admin/controllers/Albumsgalleries.php album_id."
}
],
"id": "CVE-2019-16119",
"lastModified": "2024-11-21T04:30:05.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-08T23:15:10.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154432/WordPress-Photo-Gallery-1.5.34-SQL-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Albumsgalleries.php?old=1845136\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FAlbumsgalleries.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154432/WordPress-Photo-Gallery-1.5.34-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Albumsgalleries.php?old=1845136\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FAlbumsgalleries.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9872"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-26 16:15
Modified
2025-04-09 15:41
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "58CE3C46-F773-4577-8A00-83AB7A8442C6",
"versionEndExcluding": "1.8.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue."
},
{
"lang": "es",
"value": "El par\u00e1metro thumb_url de la llamada AJAX a la acci\u00f3n editimage_bwg de admin-ajax.php es vulnerable al Cross Site Scripting reflejado. El valor del par\u00e1metro thumb_url est\u00e1 incrustado dentro de un JavaScript existente dentro de la respuesta, lo que permite insertar y ejecutar JavaScript arbitrario. El atacante debe apuntar a un usuario autenticado con permisos para acceder a este componente para aprovechar este problema."
}
],
"id": "CVE-2024-29810",
"lastModified": "2025-04-09T15:41:36.520",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "info@appcheck-ng.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-26T16:15:12.707",
"references": [
{
"source": "info@appcheck-ng.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"source": "info@appcheck-ng.com",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"sourceIdentifier": "info@appcheck-ng.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "info@appcheck-ng.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-08 23:15
Modified
2024-11-21 04:30
Severity ?
Summary
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "2E60198F-76D7-43B9-8513-3653D5A9835A",
"versionEndExcluding": "1.5.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php."
},
{
"lang": "es",
"value": "Secuencias de comandos de sitios cruzados (XSS) en el complemento de galer\u00eda de fotos (10Web Photo Gallery) anterior de la versi\u00f3n 1.5.35 para WordPress existe a trav\u00e9s de admin / models / Galleries.php."
}
],
"id": "CVE-2019-16117",
"lastModified": "2024-11-21T04:30:04.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-08T23:15:10.047",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/models/Galleries.php?old=2135029\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fmodels%2FGalleries.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/models/Galleries.php?old=2135029\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fmodels%2FGalleries.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9872"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-02 16:15
Modified
2024-11-21 06:40
Severity ?
Summary
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "58E63EC8-8A75-4455-8127-949EA348B4E4",
"versionEndIncluding": "1.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST[\u0027filter_tag\u0027] parameter, which is appended to an SQL query, making SQL Injection attacks possible."
},
{
"lang": "es",
"value": "El plugin Photo Gallery de WordPress versiones hasta 1.6.3, no escapa apropiadamente del par\u00e1metro $_POST[\"filter_tag\"], que es anexado a una consulta SQL, haciendo posible ataques de inyecci\u00f3n SQL"
}
],
"id": "CVE-2022-1281",
"lastModified": "2024-11-21T06:40:24.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-02T16:15:09.073",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/2706797/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php?old=2587758\u0026old_path=photo-gallery%2Ftrunk%2Ffrontend%2Fmodels%2FBWGModelGalleryBox.php"
},
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/2b4866f2-f511-41c6-8135-cf1e0263d8de"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/2706797/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php?old=2587758\u0026old_path=photo-gallery%2Ftrunk%2Ffrontend%2Fmodels%2FBWGModelGalleryBox.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/2b4866f2-f511-41c6-8135-cf1e0263d8de"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "contact@wpscan.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-25 17:15
Modified
2024-11-21 05:40
Severity ?
Summary
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://wordpress.org/plugins/photo-gallery/#developers | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://wpvulndb.com/vulnerabilities/10088 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/photo-gallery/#developers | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpvulndb.com/vulnerabilities/10088 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "B4C1EBAD-AF87-4A00-B17E-171AD6FEAE98",
"versionEndExcluding": "1.5.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de tipo XSS almacenado se presentan en el plugin 10Web Photo Gallery versiones anteriores a 1.5.46 en WordPress. Una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad permitir\u00eda a un usuario administrador autentificado inyectar c\u00f3digo JavaScript arbitrario que es visualizado por otros usuarios."
}
],
"id": "CVE-2020-9335",
"lastModified": "2024-11-21T05:40:25.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-25T17:15:13.650",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/10088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/10088"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-09 14:15
Modified
2024-11-21 04:27
Severity ?
Summary
The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://wordpress.org/plugins/photo-gallery/#developers | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/photo-gallery/#developers | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A0A3F6A5-C8F2-437F-B9F4-8FA69B461843",
"versionEndExcluding": "1.5.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS."
},
{
"lang": "es",
"value": "El plugin 10Web Photo Gallery en versiones anteriores a 1.5.23 para WordPress, presenta una vulnerabilidad de tipo XSS almacenado autenticado."
}
],
"id": "CVE-2019-14797",
"lastModified": "2024-11-21T04:27:22.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-09T14:15:11.693",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-14 12:15
Modified
2024-11-21 05:52
Severity ?
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://packetstormsecurity.com/files/162227/ | Exploit, Third Party Advisory, VDB Entry | |
| contact@wpscan.com | https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/162227/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "CE31ABA2-4259-4A3B-8163-5571D7D9539C",
"versionEndExcluding": "1.5.69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)"
},
{
"lang": "es",
"value": "El plugin de WordPress The Photo Gallery by 10Web - Mobile-Friendly Image Gallery, versiones anteriores a 1.5.69, era vulnerable a problemas de tipo cross-site scripting (XSS) reflejado mediante los par\u00e1metros GET gallery_id, tag, album_id y _id pasados ??en la acci\u00f3n AJAX bwg_frontend_data (disponible para usuarios autenticados y no autenticados)"
}
],
"id": "CVE-2021-24291",
"lastModified": "2024-11-21T05:52:46.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-14T12:15:08.523",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/162227/"
},
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/162227/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-18 15:15
Modified
2024-11-21 05:52
Severity ?
Summary
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1AAC8C97-FA5C-4909-99C9-609A81F0CF91",
"versionEndExcluding": "1.5.55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter."
},
{
"lang": "es",
"value": "Una entrada no comprobada en el plugin Photo Gallery de WordPress (10Web Photo Gallery), versiones anteriores a 1.5.55, conlleva a una inyecci\u00f3n SQL por medio del par\u00e1metro bwg_search_x en el archivo frontend/models/model.php"
}
],
"id": "CVE-2021-24139",
"lastModified": "2024-11-21T05:52:26.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-18T15:15:14.900",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 15:16
Modified
2025-03-06 16:20
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "7280D213-9E4E-4872-95FE-4220EF8113E4",
"versionEndExcluding": "1.8.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Photo Gallery Team Photo Gallery de 10Web. Este problema afecta a Photo Gallery de 10Web: desde n/a hasta 1.8.24."
}
],
"id": "CVE-2024-35628",
"lastModified": "2025-03-06T16:20:17.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-11T15:16:07.840",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-23-broken-access-control-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-23-broken-access-control-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "audit@patchstack.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-05 10:21
Modified
2024-11-08 15:25
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9F46FE72-6A51-4652-B150-FE2009752353",
"versionEndExcluding": "1.8.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
},
{
"lang": "es",
"value": "El complemento Photo Gallery de 10Web \u2013 Mobile-Friendly Image Gallery para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en todas las versiones hasta la 1.8.30 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con permisos de nivel de administrador o superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a instalaciones multisitio e instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"id": "CVE-2024-9878",
"lastModified": "2024-11-08T15:25:45.930",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-05T10:21:16.540",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/179357/WordPress-Photo-Gallery-1.8.26-Cross-Site-Scripting.html"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3180567%40photo-gallery%2Ftrunk\u0026old=3171538%40photo-gallery%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file12"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bfa1192b-34f5-4b71-8fff-14f2d4ac4aca?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@wordfence.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-09 06:15
Modified
2025-05-06 18:21
Severity ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/db73e8d8-feb1-4daa-937e-a73969a93bcc/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "74ABBD36-1A8A-42A8-A762-537565AFD306",
"versionEndExcluding": "1.8.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento Photo Gallery by 10Web de WordPress anterior a la versi\u00f3n 1.8.28 no desinfecta ni escapa adecuadamente algunas de las configuraciones de la galer\u00eda, lo que podr\u00eda permitir que usuarios con privilegios elevados, como el administrador, realicen ataques de Cross-site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"id": "CVE-2024-5968",
"lastModified": "2025-05-06T18:21:40.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-10-09T06:15:13.563",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/db73e8d8-feb1-4daa-937e-a73969a93bcc/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-08 17:15
Modified
2024-11-21 02:25
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "190DD3A7-3F0A-4EEE-BEE0-C6907F00884D",
"versionEndExcluding": "1.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el plugin Photo Gallery versiones anteriores a 1.2.11 para WordPress, permiten a usuarios autenticados remotos inyectar script web o HTML arbitrario por medio de los par\u00e1metros (1) sort_by, (2) sort_order, (3) items_view, (4 ) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src o (8) clipboard_dest en una acci\u00f3n addImages en el archivo wp-admin/admin-ajax.php."
}
],
"id": "CVE-2015-1394",
"lastModified": "2024-11-21T02:25:20.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-08T17:15:11.340",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/1073334/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2015/Jan/140"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/photo-gallery/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/1073334/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2015/Jan/140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/photo-gallery/changelog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-24 06:15
Modified
2025-05-13 20:08
Severity ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/5b3bf87b-73a1-47e8-bb00-0dfded07b191/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "59E3ED8A-1DA0-4D23-AD89-99F38A39CE54",
"versionEndExcluding": "1.8.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
},
{
"lang": "es",
"value": "El complemento Photo Gallery de 10Web para WordPress anterior a la versi\u00f3n 1.8.33 no depura ni escapa de algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados como el administrador realizar ataques de cross site scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios)."
}
],
"id": "CVE-2024-13124",
"lastModified": "2025-05-13T20:08:31.687",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-03-24T06:15:12.790",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/5b3bf87b-73a1-47e8-bb00-0dfded07b191/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-28 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/130104/Photo-Gallery-1.2.5-Shell-Upload.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://packetstormsecurity.com/files/130384/WordPress-Photo-Gallery-1.2.5-Unrestricted-File-Upload.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/72620 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/130104/Photo-Gallery-1.2.5-Shell-Upload.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/130384/WordPress-Photo-Gallery-1.2.5-Unrestricted-File-Upload.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/72620 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | 1.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:1.2.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "206A726B-FF80-444B-91A0-E92AEB66AF42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted File Upload vulnerability in Photo Gallery 1.2.5."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de subida de archivos sin restricciones en Photo Gallery 1.2.5."
}
],
"id": "CVE-2014-9312",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-28T15:29:00.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/130104/Photo-Gallery-1.2.5-Shell-Upload.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/130384/WordPress-Photo-Gallery-1.2.5-Unrestricted-File-Upload.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/130104/Photo-Gallery-1.2.5-Shell-Upload.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/130384/WordPress-Photo-Gallery-1.2.5-Unrestricted-File-Upload.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72620"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-17 13:15
Modified
2025-02-06 16:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9CABF93C-D672-4711-AA74-F220C571EED2",
"versionEndExcluding": "1.8.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector."
}
],
"id": "CVE-2023-1427",
"lastModified": "2025-02-06T16:15:32.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-17T13:15:38.440",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified"
}
Vulnerability from fkie_nvd
Published
2023-06-07 14:15
Modified
2024-11-21 06:34
Severity ?
Summary
The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://packetstormsecurity.com/files/162227/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/162227/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "E4C069B0-4C43-45BA-8AD2-D6DDAE195A70",
"versionEndIncluding": "1.5.69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693."
}
],
"id": "CVE-2021-46889",
"lastModified": "2024-11-21T06:34:51.703",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-07T14:15:09.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/162227/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/162227/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-31 06:15
Modified
2025-05-13 13:29
Severity ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/22be2b44-cd42-4b02-8448-59dd2989dde1/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "DCDE6258-B97A-47EB-B656-163C30C7CE6F",
"versionEndExcluding": "1.8.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed"
},
{
"lang": "es",
"value": "El complemento Photo Gallery de 10Web para WordPress anterior a la versi\u00f3n 1.8.34 no depura ni escapa los comentarios agregados en im\u00e1genes por usuarios no autenticados, lo que genera un ataque XSS almacenado no autenticado cuando se muestran los comentarios. "
}
],
"id": "CVE-2025-0613",
"lastModified": "2025-05-13T13:29:46.120",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-03-31T06:15:29.463",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/22be2b44-cd42-4b02-8448-59dd2989dde1/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-18 10:15
Modified
2025-03-06 15:55
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "58CE3C46-F773-4577-8A00-83AB7A8442C6",
"versionEndExcluding": "1.8.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\u0027Cross-site Scripting\u0027) en Photo Gallery Team Photo Gallery de 10Web permite Reflected XSS. Este problema afecta a Photo Gallery de 10Web: desde n/a hasta 1.8.21."
}
],
"id": "CVE-2024-32583",
"lastModified": "2025-03-06T15:55:50.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-18T10:15:13.920",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-21-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-21-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "audit@patchstack.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-09 14:15
Modified
2024-11-21 04:27
Severity ?
Summary
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://wordpress.org/plugins/photo-gallery/#developers | Third Party Advisory | |
| cve@mitre.org | https://wpvulndb.com/vulnerabilities/9361 | Third Party Advisory | |
| cve@mitre.org | https://www.pluginvulnerabilities.com/2019/05/14/authenticated-local-file-inclusion-lfi-vulnerability-in-photo-gallery-by-10web/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/photo-gallery/#developers | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpvulndb.com/vulnerabilities/9361 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.pluginvulnerabilities.com/2019/05/14/authenticated-local-file-inclusion-lfi-vulnerability-in-photo-gallery-by-10web/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "50557D27-CCDC-4F3D-91A1-36F4E42E70DE",
"versionEndExcluding": "1.5.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter."
},
{
"lang": "es",
"value": "El plugin 10Web Photo Gallery en versiones anteriores a 1.5.25 para WordPress, presenta una Inclusi\u00f3n de Archivos Locales Autenticada por medio de un salto de directorio en el par\u00e1metro wp-admin/admin-ajax.php?action=shortcode_bwg tagtext."
}
],
"id": "CVE-2019-14798",
"lastModified": "2024-11-21T04:27:22.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-09T14:15:11.757",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9361"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.pluginvulnerabilities.com/2019/05/14/authenticated-local-file-inclusion-lfi-vulnerability-in-photo-gallery-by-10web/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpvulndb.com/vulnerabilities/9361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.pluginvulnerabilities.com/2019/05/14/authenticated-local-file-inclusion-lfi-vulnerability-in-photo-gallery-by-10web/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-15 20:15
Modified
2025-06-04 20:08
Severity ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/50665594-778b-42f5-bfba-2a249a5e0260/ | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://wpscan.com/vulnerability/50665594-778b-42f5-bfba-2a249a5e0260/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "39BD6724-4999-4E18-BAD9-7E4468389C5C",
"versionEndExcluding": "1.8.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
},
{
"lang": "es",
"value": "El complemento Photo Gallery de 10Web para WordPress anterior a la versi\u00f3n 1.8.29 no depura ni escapa de algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados como el administrador realizar ataques de Cross-Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios)."
}
],
"id": "CVE-2024-8670",
"lastModified": "2025-06-04T20:08:00.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-05-15T20:15:59.303",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/50665594-778b-42f5-bfba-2a249a5e0260/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/50665594-778b-42f5-bfba-2a249a5e0260/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-26 16:15
Modified
2025-04-01 17:44
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 10web | photo_gallery | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "58CE3C46-F773-4577-8A00-83AB7A8442C6",
"versionEndExcluding": "1.8.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue."
},
{
"lang": "es",
"value": "El par\u00e1metro image_id de la llamada AJAX a la acci\u00f3n editimage_bwg de admin-ajax.php es vulnerable al Cross Site Scripting reflejado. El valor del par\u00e1metro image_id est\u00e1 incrustado dentro de un JavaScript existente dentro de la respuesta, lo que permite insertar y ejecutar JavaScript arbitrario. El atacante debe apuntar a un usuario autenticado con permisos para acceder a este componente para aprovechar este problema."
}
],
"id": "CVE-2024-29808",
"lastModified": "2025-04-01T17:44:53.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "info@appcheck-ng.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-26T16:15:12.323",
"references": [
{
"source": "info@appcheck-ng.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"source": "info@appcheck-ng.com",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"sourceIdentifier": "info@appcheck-ng.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "info@appcheck-ng.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2017-12977 (GCVE-0-2017-12977)
Vulnerability from cvelistv5
Published
2017-08-21 01:00
Modified
2024-09-16 19:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wordpress.org/plugins/photo-gallery/#developers | x_refsource_MISC | |
| https://github.com/jgj212/Advisories/blob/master/photo-gallery.1.3.50-SQL | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jgj212/Advisories/blob/master/photo-gallery.1.3.50-SQL"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Web-Dorado \"Photo Gallery by WD - Responsive Photo Gallery\" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-21T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jgj212/Advisories/blob/master/photo-gallery.1.3.50-SQL"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web-Dorado \"Photo Gallery by WD - Responsive Photo Gallery\" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/photo-gallery/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"name": "https://github.com/jgj212/Advisories/blob/master/photo-gallery.1.3.50-SQL",
"refsource": "MISC",
"url": "https://github.com/jgj212/Advisories/blob/master/photo-gallery.1.3.50-SQL"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12977",
"datePublished": "2017-08-21T01:00:00Z",
"dateReserved": "2017-08-20T00:00:00Z",
"dateUpdated": "2024-09-16T19:11:00.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24139 (GCVE-0-2021-24139)
Vulnerability from cvelistv5
Published
2021-03-18 14:57
Modified
2024-08-03 19:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web |
Version: 1.5.55 < 1.5.55 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Gallery by 10Web",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.55",
"status": "affected",
"version": "1.5.55",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T14:57:49",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Photo Gallery by 10Web \u003c 1.5.55 - Unauthenticated SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24139",
"STATE": "PUBLIC",
"TITLE": "Photo Gallery by 10Web \u003c 1.5.55 - Unauthenticated SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Gallery by 10Web",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.55",
"version_value": "1.5.55"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24139",
"datePublished": "2021-03-18T14:57:49",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13124 (GCVE-0-2024-13124)
Vulnerability from cvelistv5
Published
2025-03-24 06:00
Modified
2025-03-24 18:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/5b3bf87b-73a1-47e8-bb00-0dfded07b191/ | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13124",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T18:08:08.470490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:08:14.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Photo Gallery by 10Web",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.8.33",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T06:00:07.091Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/5b3bf87b-73a1-47e8-bb00-0dfded07b191/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Photo Gallery by 10Web \u003c 1.8.33 - Admin+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-13124",
"datePublished": "2025-03-24T06:00:07.091Z",
"dateReserved": "2025-01-02T18:22:13.232Z",
"dateUpdated": "2025-03-24T18:08:14.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32583 (GCVE-0-2024-32583)
Vulnerability from cvelistv5
Published
2024-04-18 09:20
Modified
2024-08-02 02:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Photo Gallery Team | Photo Gallery by 10Web |
Version: n/a < |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:10web:photo_gallery:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "photo_gallery",
"vendor": "10web",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T19:25:25.255653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:07.807Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:39.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-21-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "photo-gallery",
"product": "Photo Gallery by 10Web",
"vendor": "Photo Gallery Team",
"versions": [
{
"changes": [
{
"at": "1.8.22",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Steven Julian (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.\u003cp\u003eThis issue affects Photo Gallery by 10Web: from n/a through 1.8.21.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-18T09:20:08.700Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-21-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.8.22 or a higher version."
}
],
"value": "Update to 1.8.22 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Photo Gallery by 10Web plugin \u003c= 1.8.21 - Reflected Cross Site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32583",
"datePublished": "2024-04-18T09:20:08.700Z",
"dateReserved": "2024-04-15T10:15:58.903Z",
"dateUpdated": "2024-08-02T02:13:39.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16118 (GCVE-0-2019-16118)
Vulnerability from cvelistv5
Published
2019-09-08 22:49
Modified
2024-08-05 01:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Options.php?old=2142624\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FOptions.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/js/bwg.js?old=2135029\u0026old_path=photo-gallery%2Ftrunk%2Fjs%2Fbwg.js"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9872"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-11T00:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Options.php?old=2142624\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FOptions.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/js/bwg.js?old=2135029\u0026old_path=photo-gallery%2Ftrunk%2Fjs%2Fbwg.js"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9872"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/photo-gallery/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Options.php?old=2142624\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FOptions.php",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Options.php?old=2142624\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FOptions.php"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/js/bwg.js?old=2135029\u0026old_path=photo-gallery%2Ftrunk%2Fjs%2Fbwg.js",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/js/bwg.js?old=2135029\u0026old_path=photo-gallery%2Ftrunk%2Fjs%2Fbwg.js"
},
{
"name": "https://wpvulndb.com/vulnerabilities/9872",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9872"
},
{
"name": "http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16118",
"datePublished": "2019-09-08T22:49:11",
"dateReserved": "2019-09-08T00:00:00",
"dateUpdated": "2024-08-05T01:03:32.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46889 (GCVE-0-2021-46889)
Vulnerability from cvelistv5
Published
2023-06-07 00:00
Modified
2024-08-04 05:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/162227/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://packetstormsecurity.com/files/162227/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46889",
"datePublished": "2023-06-07T00:00:00",
"dateReserved": "2023-06-07T00:00:00",
"dateUpdated": "2024-08-04T05:17:42.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8670 (GCVE-0-2024-8670)
Vulnerability from cvelistv5
Published
2025-05-15 20:07
Modified
2025-05-20 18:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/50665594-778b-42f5-bfba-2a249a5e0260/ | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-8670",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T18:42:56.704157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T18:43:34.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://wpscan.com/vulnerability/50665594-778b-42f5-bfba-2a249a5e0260/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Photo Gallery by 10Web",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.8.29",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T20:07:17.244Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/50665594-778b-42f5-bfba-2a249a5e0260/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Photo Gallery by 10Web \u003c 1.8.29 - Admin+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-8670",
"datePublished": "2025-05-15T20:07:17.244Z",
"dateReserved": "2024-09-10T17:51:14.607Z",
"dateUpdated": "2025-05-20T18:43:34.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1393 (GCVE-0-2015-1393)
Vulnerability from cvelistv5
Published
2015-02-02 15:00
Modified
2024-08-06 04:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/534569/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150128 [CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534569/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150128 [CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534569/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150128 [CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534569/100/0/threaded"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1393",
"datePublished": "2015-02-02T15:00:00",
"dateReserved": "2015-01-27T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24362 (GCVE-0-2021-24362)
Vulnerability from cvelistv5
Published
2021-08-16 10:48
Modified
2024-08-03 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly (ie in the /wp-content/uploads/photo-gallery/ folder), leading to a Cross-Site Scripting (XSS) issue
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/57823dcb-2149-47f7-aae2-d9f04dce851a | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: 1.5.75 < 1.5.75 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/57823dcb-2149-47f7-aae2-d9f04dce851a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.75",
"status": "affected",
"version": "1.5.75",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "avolume"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly (ie in the /wp-content/uploads/photo-gallery/ folder), leading to a Cross-Site Scripting (XSS) issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-16T10:48:16",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/57823dcb-2149-47f7-aae2-d9f04dce851a"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Photo Gallery \u003c 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24362",
"STATE": "PUBLIC",
"TITLE": "Photo Gallery \u003c 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.75",
"version_value": "1.5.75"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "avolume"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly (ie in the /wp-content/uploads/photo-gallery/ folder), leading to a Cross-Site Scripting (XSS) issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/57823dcb-2149-47f7-aae2-d9f04dce851a",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/57823dcb-2149-47f7-aae2-d9f04dce851a"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24362",
"datePublished": "2021-08-16T10:48:16",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14313 (GCVE-0-2019-14313)
Vulnerability from cvelistv5
Published
2019-07-30 17:31
Modified
2024-08-05 00:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wordpress.org/plugins/photo-gallery/#developers | x_refsource_CONFIRM | |
| https://plugins.trac.wordpress.org/changeset/2128378 | x_refsource_CONFIRM | |
| https://fortiguard.com/zeroday/FG-VD-19-101 | x_refsource_MISC | |
| https://wpvulndb.com/vulnerabilities/9480 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2128378"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-101"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9480"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T16:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2128378"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fortiguard.com/zeroday/FG-VD-19-101"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9480"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/photo-gallery/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2128378",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2128378"
},
{
"name": "https://fortiguard.com/zeroday/FG-VD-19-101",
"refsource": "MISC",
"url": "https://fortiguard.com/zeroday/FG-VD-19-101"
},
{
"name": "https://wpvulndb.com/vulnerabilities/9480",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9480"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14313",
"datePublished": "2019-07-30T17:31:06",
"dateReserved": "2019-07-27T00:00:00",
"dateUpdated": "2024-08-05T00:12:43.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16117 (GCVE-0-2019-16117)
Vulnerability from cvelistv5
Published
2019-09-08 22:49
Modified
2024-08-05 01:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/models/Galleries.php?old=2135029\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fmodels%2FGalleries.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9872"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-11T00:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/models/Galleries.php?old=2135029\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fmodels%2FGalleries.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9872"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/photo-gallery/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/models/Galleries.php?old=2135029\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fmodels%2FGalleries.php",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/models/Galleries.php?old=2135029\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fmodels%2FGalleries.php"
},
{
"name": "https://wpvulndb.com/vulnerabilities/9872",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9872"
},
{
"name": "http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16117",
"datePublished": "2019-09-08T22:49:24",
"dateReserved": "2019-09-08T00:00:00",
"dateUpdated": "2024-08-05T01:03:32.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0613 (GCVE-0-2025-0613)
Vulnerability from cvelistv5
Published
2025-03-31 06:00
Modified
2025-03-31 14:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/22be2b44-cd42-4b02-8448-59dd2989dde1/ | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-0613",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T12:47:20.060904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T14:59:55.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Photo Gallery by 10Web",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.8.34",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T06:00:01.529Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/22be2b44-cd42-4b02-8448-59dd2989dde1/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Photo Gallery \u003c 1.8.34 - Unauthenticated Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2025-0613",
"datePublished": "2025-03-31T06:00:01.529Z",
"dateReserved": "2025-01-21T07:29:07.408Z",
"dateUpdated": "2025-03-31T14:59:55.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14797 (GCVE-0-2019-14797)
Vulnerability from cvelistv5
Published
2019-08-09 13:30
Modified
2024-08-05 00:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wordpress.org/plugins/photo-gallery/#developers | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-09T13:30:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/photo-gallery/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14797",
"datePublished": "2019-08-09T13:30:40",
"dateReserved": "2019-08-09T00:00:00",
"dateUpdated": "2024-08-05T00:26:39.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24363 (GCVE-0-2021-24363)
Vulnerability from cvelistv5
Published
2021-08-16 10:48
Modified
2024-08-03 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/1628935f-1d7d-4609-b7a9-e5526499c974 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: 1.5.75 < 1.5.75 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1628935f-1d7d-4609-b7a9-e5526499c974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.75",
"status": "affected",
"version": "1.5.75",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "avolume"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-16T10:48:17",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/1628935f-1d7d-4609-b7a9-e5526499c974"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Photo Gallery \u003c 1.5.75 - File Upload Path Traversal",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24363",
"STATE": "PUBLIC",
"TITLE": "Photo Gallery \u003c 1.5.75 - File Upload Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.75",
"version_value": "1.5.75"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "avolume"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/1628935f-1d7d-4609-b7a9-e5526499c974",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/1628935f-1d7d-4609-b7a9-e5526499c974"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24363",
"datePublished": "2021-08-16T10:48:17",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2324 (GCVE-0-2015-2324)
Vulnerability from cvelistv5
Published
2018-02-19 19:00
Modified
2024-08-06 05:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt | x_refsource_CONFIRM | |
| https://fortiguard.com/zeroday/FG-VD-15-009 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:15.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-19T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fortiguard.com/zeroday/FG-VD-15-009"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt",
"refsource": "CONFIRM",
"url": "https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt"
},
{
"name": "https://fortiguard.com/zeroday/FG-VD-15-009",
"refsource": "MISC",
"url": "https://fortiguard.com/zeroday/FG-VD-15-009"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2324",
"datePublished": "2018-02-19T19:00:00",
"dateReserved": "2015-03-18T00:00:00",
"dateUpdated": "2024-08-06T05:10:15.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5481 (GCVE-0-2024-5481)
Vulnerability from cvelistv5
Published
2024-06-07 09:33
Modified
2024-08-01 21:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 10web | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: * ≤ 1.8.23 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:35:17.646938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T18:36:39.514Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L178"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L512"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L436"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3098798/"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "10web",
"versions": [
{
"lessThanOrEqual": "1.8.23",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias Wei\u00dfhaar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-35 Path Traversal: \u0027.../...//\u0027",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T09:33:36.357Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L178"
},
{
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L512"
},
{
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L436"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3098798/"
},
{
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-06T21:19:21.000+00:00",
"value": "Disclosed"
}
],
"title": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery \u003c= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-5481",
"datePublished": "2024-06-07T09:33:36.357Z",
"dateReserved": "2024-05-29T18:04:13.803Z",
"dateUpdated": "2024-08-01T21:11:12.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0221 (GCVE-0-2024-0221)
Vulnerability from cvelistv5
Published
2024-02-05 21:21
Modified
2024-08-21 17:50
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 10web | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: * ≤ 1.8.19 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L441"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L291"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3022981%40photo-gallery%2Ftrunk\u0026old=3013021%40photo-gallery%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "photo_gallery",
"vendor": "10web",
"versions": [
{
"lessThanOrEqual": "1.8.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T14:53:53.625270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T17:50:04.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "10web",
"versions": [
{
"lessThanOrEqual": "1.8.19",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bence Szalai"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T21:21:40.205Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L441"
},
{
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L291"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3022981%40photo-gallery%2Ftrunk\u0026old=3013021%40photo-gallery%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-19T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-0221",
"datePublished": "2024-02-05T21:21:40.205Z",
"dateReserved": "2024-01-03T17:13:13.386Z",
"dateUpdated": "2024-08-21T17:50:04.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1055 (GCVE-0-2015-1055)
Vulnerability from cvelistv5
Published
2015-01-16 15:00
Modified
2024-09-16 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/72015 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2015/Jan/36 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:19.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "72015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72015"
},
{
"name": "20150112 Wordpress Photo Gallery 1.2.7 unauthenticated SQL injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-16T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "72015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72015"
},
{
"name": "20150112 Wordpress Photo Gallery 1.2.7 unauthenticated SQL injection",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/36"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72015"
},
{
"name": "20150112 Wordpress Photo Gallery 1.2.7 unauthenticated SQL injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/36"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1055",
"datePublished": "2015-01-16T15:00:00Z",
"dateReserved": "2015-01-16T00:00:00Z",
"dateUpdated": "2024-09-16T16:38:56.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24310 (GCVE-0-2021-24310)
Vulnerability from cvelistv5
Published
2021-06-01 11:33
Modified
2024-08-03 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 10Web | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: 1.5.67 < 1.5.67 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "10Web",
"versions": [
{
"lessThan": "1.5.67",
"status": "affected",
"version": "1.5.67",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "avolume"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:33:29",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Photo Gallery \u003c 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24310",
"STATE": "PUBLIC",
"TITLE": "Photo Gallery \u003c 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.67",
"version_value": "1.5.67"
}
]
}
}
]
},
"vendor_name": "10Web"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "avolume"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/f34096ec-b1b0-471d-88a4-4699178a3165"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24310",
"datePublished": "2021-06-01T11:33:29",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9312 (GCVE-0-2014-9312)
Vulnerability from cvelistv5
Published
2017-08-28 15:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/130104/Photo-Gallery-1.2.5-Shell-Upload.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/72620 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/130384/WordPress-Photo-Gallery-1.2.5-Unrestricted-File-Upload.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130104/Photo-Gallery-1.2.5-Shell-Upload.html"
},
{
"name": "72620",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72620"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130384/WordPress-Photo-Gallery-1.2.5-Unrestricted-File-Upload.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted File Upload vulnerability in Photo Gallery 1.2.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130104/Photo-Gallery-1.2.5-Shell-Upload.html"
},
{
"name": "72620",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72620"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130384/WordPress-Photo-Gallery-1.2.5-Unrestricted-File-Upload.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted File Upload vulnerability in Photo Gallery 1.2.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130104/Photo-Gallery-1.2.5-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130104/Photo-Gallery-1.2.5-Shell-Upload.html"
},
{
"name": "72620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72620"
},
{
"name": "http://packetstormsecurity.com/files/130384/WordPress-Photo-Gallery-1.2.5-Unrestricted-File-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130384/WordPress-Photo-Gallery-1.2.5-Unrestricted-File-Upload.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9312",
"datePublished": "2017-08-28T15:00:00",
"dateReserved": "2014-12-07T00:00:00",
"dateUpdated": "2024-08-06T13:40:24.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29810 (GCVE-0-2024-29810)
Vulnerability from cvelistv5
Published
2024-03-26 15:28
Modified
2024-08-02 16:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 10Web | PhotoGallery |
Version: 1.0.1 ≤ 1.8.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:17:58.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:10web:photo_gallery:1.0.1:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "photo_gallery",
"vendor": "10web",
"versions": [
{
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29810",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T16:44:09.126871Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T16:44:14.472Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PhotoGallery",
"vendor": "10Web",
"versions": [
{
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AppCheck Ltd."
}
],
"descriptions": [
{
"lang": "en",
"value": "The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63: Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:28:58.519Z",
"orgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"shortName": "AppCheck"
},
"references": [
{
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"title": "WordPress Photo Gallery Plugin \u003c= 1.8.21 Reflected Cross Site Scripting in editimage_bwg thumb_url",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"assignerShortName": "AppCheck",
"cveId": "CVE-2024-29810",
"datePublished": "2024-03-26T15:28:58.519Z",
"dateReserved": "2024-03-19T16:26:38.385Z",
"dateUpdated": "2024-08-02T16:44:14.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5426 (GCVE-0-2024-5426)
Vulnerability from cvelistv5
Published
2024-06-07 09:33
Modified
2024-08-01 21:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure Photo Gallery can be extended to contributors on pro versions of the plugin.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 10web | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: * ≤ 1.8.23 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T18:26:21.886773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T18:26:36.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/13436238-f14a-445b-9a9b-fbcf23b7b498?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/UploadHandler.php#L521"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/UploadHandler.php#L542"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3098798/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "10web",
"versions": [
{
"lessThanOrEqual": "1.8.23",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias Wei\u00dfhaar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018svg\u2019 parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure Photo Gallery can be extended to contributors on pro versions of the plugin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T09:33:35.276Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/13436238-f14a-445b-9a9b-fbcf23b7b498?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/UploadHandler.php#L521"
},
{
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/UploadHandler.php#L542"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3098798/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-06T21:15:26.000+00:00",
"value": "Disclosed"
}
],
"title": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery \u003c= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-5426",
"datePublished": "2024-06-07T09:33:35.276Z",
"dateReserved": "2024-05-27T19:35:22.878Z",
"dateUpdated": "2024-08-01T21:11:12.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29808 (GCVE-0-2024-29808)
Vulnerability from cvelistv5
Published
2024-03-26 15:26
Modified
2024-08-02 16:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 10Web | PhotoGallery |
Version: 1.0.1 ≤ 1.8.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:17:57.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:10web:photo_gallery:1.0.1:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "photo_gallery",
"vendor": "10web",
"versions": [
{
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29808",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T16:42:50.023989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T16:42:56.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PhotoGallery",
"vendor": "10Web",
"versions": [
{
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AppCheck Ltd."
}
],
"descriptions": [
{
"lang": "en",
"value": "The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63: Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:26:34.537Z",
"orgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"shortName": "AppCheck"
},
"references": [
{
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"title": "WordPress Photo Gallery Plugin \u003c= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_id",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"assignerShortName": "AppCheck",
"cveId": "CVE-2024-29808",
"datePublished": "2024-03-26T15:26:34.537Z",
"dateReserved": "2024-03-19T16:26:38.384Z",
"dateUpdated": "2024-08-02T16:42:56.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14798 (GCVE-0-2019-14798)
Vulnerability from cvelistv5
Published
2019-08-09 13:29
Modified
2024-08-05 00:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wordpress.org/plugins/photo-gallery/#developers | x_refsource_MISC | |
| https://www.pluginvulnerabilities.com/2019/05/14/authenticated-local-file-inclusion-lfi-vulnerability-in-photo-gallery-by-10web/ | x_refsource_MISC | |
| https://wpvulndb.com/vulnerabilities/9361 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pluginvulnerabilities.com/2019/05/14/authenticated-local-file-inclusion-lfi-vulnerability-in-photo-gallery-by-10web/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9361"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T08:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pluginvulnerabilities.com/2019/05/14/authenticated-local-file-inclusion-lfi-vulnerability-in-photo-gallery-by-10web/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9361"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/photo-gallery/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"name": "https://www.pluginvulnerabilities.com/2019/05/14/authenticated-local-file-inclusion-lfi-vulnerability-in-photo-gallery-by-10web/",
"refsource": "MISC",
"url": "https://www.pluginvulnerabilities.com/2019/05/14/authenticated-local-file-inclusion-lfi-vulnerability-in-photo-gallery-by-10web/"
},
{
"name": "https://wpvulndb.com/vulnerabilities/9361",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9361"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14798",
"datePublished": "2019-08-09T13:29:40",
"dateReserved": "2019-08-09T00:00:00",
"dateUpdated": "2024-08-05T00:26:39.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1282 (GCVE-0-2022-1282)
Vulnerability from cvelistv5
Published
2022-05-02 16:05
Modified
2024-08-02 23:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: 1.6.3 < 1.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/37a58f4e-d2bc-4825-8e1b-4aaf0a1cf1b6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2706798%40photo-gallery\u0026old=2694928%40photo-gallery\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.6.3",
"status": "affected",
"version": "1.6.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET[\u0027image_url\u0027] variable, which is reflected back to the users when executing the editimage_bwg AJAX action."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T16:05:58",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/37a58f4e-d2bc-4825-8e1b-4aaf0a1cf1b6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2706798%40photo-gallery\u0026old=2694928%40photo-gallery\u0026sfp_email=\u0026sfph_mail="
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Photo Gallery \u003c 1.6.3 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1282",
"STATE": "PUBLIC",
"TITLE": "Photo Gallery \u003c 1.6.3 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.6.3",
"version_value": "1.6.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET[\u0027image_url\u0027] variable, which is reflected back to the users when executing the editimage_bwg AJAX action."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/37a58f4e-d2bc-4825-8e1b-4aaf0a1cf1b6",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/37a58f4e-d2bc-4825-8e1b-4aaf0a1cf1b6"
},
{
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2706798%40photo-gallery\u0026old=2694928%40photo-gallery\u0026sfp_email=\u0026sfph_mail=",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=2706798%40photo-gallery\u0026old=2694928%40photo-gallery\u0026sfp_email=\u0026sfph_mail="
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1282",
"datePublished": "2022-05-02T16:05:58",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1394 (GCVE-0-2022-1394)
Vulnerability from cvelistv5
Published
2022-06-06 08:50
Modified
2024-08-03 00:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/f7a0df37-3204-4926-84ec-2204a2f22de3 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: 1.6.4 < 1.6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/f7a0df37-3204-4926-84ec-2204a2f22de3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.6.4",
"status": "affected",
"version": "1.6.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "0ppr2s"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T08:50:56",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/f7a0df37-3204-4926-84ec-2204a2f22de3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Photo Gallery \u003c 1.6.4 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1394",
"STATE": "PUBLIC",
"TITLE": "Photo Gallery \u003c 1.6.4 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.6.4",
"version_value": "1.6.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "0ppr2s"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/f7a0df37-3204-4926-84ec-2204a2f22de3",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f7a0df37-3204-4926-84ec-2204a2f22de3"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1394",
"datePublished": "2022-06-06T08:50:56",
"dateReserved": "2022-04-19T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1427 (GCVE-0-2023-1427)
Vulnerability from cvelistv5
Published
2023-04-17 12:17
Modified
2025-02-06 15:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946 | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web |
Version: 0 < 1.8.15 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-1427",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T15:29:28.655584Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T15:29:34.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Photo Gallery by 10Web",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.8.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nguyen Huu Do"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T12:17:41.603Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Photo Gallery by 10Web \u003c 1.8.15 - Admin+ Path Traversal",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-1427",
"datePublished": "2023-04-17T12:17:41.603Z",
"dateReserved": "2023-03-16T10:39:16.489Z",
"dateUpdated": "2025-02-06T15:29:34.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1394 (GCVE-0-2015-1394)
Vulnerability from cvelistv5
Published
2020-02-08 16:45
Modified
2024-08-06 04:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wordpress.org/plugins/photo-gallery/changelog/ | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded | x_refsource_MISC | |
| https://plugins.trac.wordpress.org/changeset/1073334/ | x_refsource_MISC | |
| https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery | x_refsource_MISC | |
| https://seclists.org/bugtraq/2015/Jan/140 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/changelog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/1073334/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2015/Jan/140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T16:45:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/photo-gallery/changelog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset/1073334/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2015/Jan/140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/photo-gallery/changelog/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/photo-gallery/changelog/"
},
{
"name": "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/archive/1/534568/100/0/threaded"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/1073334/",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/1073334/"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/1076678/photo-gallery"
},
{
"name": "https://seclists.org/bugtraq/2015/Jan/140",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2015/Jan/140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1394",
"datePublished": "2020-02-08T16:45:44",
"dateReserved": "2015-01-27T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16119 (GCVE-0-2019-16119)
Vulnerability from cvelistv5
Published
2019-09-08 22:48
Modified
2024-08-05 01:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:39.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Albumsgalleries.php?old=1845136\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FAlbumsgalleries.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9872"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154432/WordPress-Photo-Gallery-1.5.34-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-11T00:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Albumsgalleries.php?old=1845136\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FAlbumsgalleries.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9872"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154432/WordPress-Photo-Gallery-1.5.34-SQL-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/photo-gallery/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Albumsgalleries.php?old=1845136\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FAlbumsgalleries.php",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Albumsgalleries.php?old=1845136\u0026old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FAlbumsgalleries.php"
},
{
"name": "https://wpvulndb.com/vulnerabilities/9872",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9872"
},
{
"name": "http://packetstormsecurity.com/files/154432/WordPress-Photo-Gallery-1.5.34-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154432/WordPress-Photo-Gallery-1.5.34-SQL-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16119",
"datePublished": "2019-09-08T22:48:58",
"dateReserved": "2019-09-08T00:00:00",
"dateUpdated": "2024-08-05T01:10:39.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-9380 (GCVE-0-2015-9380)
Vulnerability from cvelistv5
Published
2019-08-30 12:26
Modified
2024-08-06 08:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The photo-gallery plugin before 1.2.42 for WordPress has CSRF.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wordpress.org/plugins/photo-gallery/#developers | x_refsource_MISC | |
| https://wpvulndb.com/vulnerabilities/7225 | x_refsource_MISC | |
| https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:51:05.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/7225"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The photo-gallery plugin before 1.2.42 for WordPress has CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-30T12:26:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/7225"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The photo-gallery plugin before 1.2.42 for WordPress has CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/photo-gallery/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"name": "https://wpvulndb.com/vulnerabilities/7225",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/7225"
},
{
"name": "https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable/",
"refsource": "MISC",
"url": "https://wordpress.org/support/topic/this-plugin-is-reported-as-vulnerable/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9380",
"datePublished": "2019-08-30T12:26:50",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-08-06T08:51:05.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6924 (GCVE-0-2023-6924)
Vulnerability from cvelistv5
Published
2024-01-11 08:32
Modified
2025-06-03 14:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It can also be exploited with a contributor-level permission with a page builder plugin.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 10web | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: * ≤ 1.8.18 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21b4d1a1-55fe-4241-820c-203991d724c4?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/Widget.php#L94"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/WidgetSlideshow.php#L64"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/WidgetTags.php#L58"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3013021/photo-gallery"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:55:58.490098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:10:16.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "10web",
"versions": [
{
"lessThanOrEqual": "1.8.18",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It can also be exploited with a contributor-level permission with a page builder plugin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T08:32:29.092Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21b4d1a1-55fe-4241-820c-203991d724c4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/Widget.php#L94"
},
{
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/WidgetSlideshow.php#L64"
},
{
"url": "https://plugins.trac.wordpress.org/browser/photo-gallery/tags/1.8.18/admin/views/WidgetTags.php#L58"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3013021/photo-gallery"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-18T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-12-18T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-12-21T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6924",
"datePublished": "2024-01-11T08:32:29.092Z",
"dateReserved": "2023-12-18T15:13:08.984Z",
"dateUpdated": "2025-06-03T14:10:16.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24291 (GCVE-0-2021-24291)
Vulnerability from cvelistv5
Published
2021-05-14 11:38
Modified
2024-08-03 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a | x_refsource_CONFIRM | |
| https://packetstormsecurity.com/files/162227/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Photo Gallery Team | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: 1.5.69 < 1.5.69 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/162227/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "Photo Gallery Team",
"versions": [
{
"lessThan": "1.5.69",
"status": "affected",
"version": "1.5.69",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ThuraMoeMyint"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-14T11:38:18",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/162227/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Photo Gallery \u003c 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24291",
"STATE": "PUBLIC",
"TITLE": "Photo Gallery \u003c 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.69",
"version_value": "1.5.69"
}
]
}
}
]
},
"vendor_name": "Photo Gallery Team"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ThuraMoeMyint"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a"
},
{
"name": "https://packetstormsecurity.com/files/162227/",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/162227/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24291",
"datePublished": "2021-05-14T11:38:18",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25041 (GCVE-0-2021-25041)
Vulnerability from cvelistv5
Published
2021-12-06 15:55
Modified
2024-08-03 19:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/32aee3ea-e0af-44da-a16c-102c83eaed8f | x_refsource_MISC | |
| https://plugins.trac.wordpress.org/changeset/2467205 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: 1.5.68 < 1.5.68 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/32aee3ea-e0af-44da-a16c-102c83eaed8f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2467205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.68",
"status": "affected",
"version": "1.5.68",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ThuraMoeMyint"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-06T15:55:40",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/32aee3ea-e0af-44da-a16c-102c83eaed8f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2467205"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Photo Gallery by 10Web \u003c 1.5.68 - Reflected Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25041",
"STATE": "PUBLIC",
"TITLE": "Photo Gallery by 10Web \u003c 1.5.68 - Reflected Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.68",
"version_value": "1.5.68"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ThuraMoeMyint"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/32aee3ea-e0af-44da-a16c-102c83eaed8f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/32aee3ea-e0af-44da-a16c-102c83eaed8f"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2467205",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2467205"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25041",
"datePublished": "2021-12-06T15:55:40",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:14.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2296 (GCVE-0-2024-2296)
Vulnerability from cvelistv5
Published
2024-04-06 08:38
Modified
2024-08-01 19:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 10web | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: * ≤ 1.8.21 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T13:21:57.910783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T19:30:42.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/994a044d-db69-4f2d-9027-cf3665446ed3?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3058445%40photo-gallery\u0026new=3058445%40photo-gallery\u0026sfp_email=\u0026sfph_mail="
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "10web",
"versions": [
{
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jobert Krohnen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-06T08:38:53.976Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/994a044d-db69-4f2d-9027-cf3665446ed3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3058445%40photo-gallery\u0026new=3058445%40photo-gallery\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-05T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2296",
"datePublished": "2024-04-06T08:38:53.976Z",
"dateReserved": "2024-03-07T17:41:33.966Z",
"dateUpdated": "2024-08-01T19:11:53.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1281 (GCVE-0-2022-1281)
Vulnerability from cvelistv5
Published
2022-05-02 16:05
Modified
2024-08-02 23:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: 1.6.3 < 1.6.3* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2b4866f2-f511-41c6-8135-cf1e0263d8de"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2706797/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php?old=2587758\u0026old_path=photo-gallery%2Ftrunk%2Ffrontend%2Fmodels%2FBWGModelGalleryBox.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "Unknown",
"versions": [
{
"changes": [
{
"at": "1.6.3",
"status": "unaffected"
}
],
"lessThan": "1.6.3*",
"status": "affected",
"version": "1.6.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST[\u0027filter_tag\u0027] parameter, which is appended to an SQL query, making SQL Injection attacks possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T16:05:57",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2b4866f2-f511-41c6-8135-cf1e0263d8de"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2706797/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php?old=2587758\u0026old_path=photo-gallery%2Ftrunk%2Ffrontend%2Fmodels%2FBWGModelGalleryBox.php"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Photo Gallery \u003c 1.6.3 - Unauthenticated SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1281",
"STATE": "PUBLIC",
"TITLE": "Photo Gallery \u003c 1.6.3 - Unauthenticated SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "1.6.3",
"version_value": "1.6.3"
},
{
"version_affected": "\u003c",
"version_name": "1.6.3",
"version_value": "1.6.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST[\u0027filter_tag\u0027] parameter, which is appended to an SQL query, making SQL Injection attacks possible."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2b4866f2-f511-41c6-8135-cf1e0263d8de",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2b4866f2-f511-41c6-8135-cf1e0263d8de"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2706797/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php?old=2587758\u0026old_path=photo-gallery%2Ftrunk%2Ffrontend%2Fmodels%2FBWGModelGalleryBox.php",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2706797/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php?old=2587758\u0026old_path=photo-gallery%2Ftrunk%2Ffrontend%2Fmodels%2FBWGModelGalleryBox.php"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1281",
"datePublished": "2022-05-02T16:05:57",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4058 (GCVE-0-2022-4058)
Vulnerability from cvelistv5
Published
2022-12-19 13:41
Modified
2024-08-03 01:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4 | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web |
Version: 0 < 1.8.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Photo Gallery by 10Web",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T13:41:43.962Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Photo Gallery \u003c 1.8.3 - Stored XSS via CSRF",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-4058",
"datePublished": "2022-12-19T13:41:43.962Z",
"dateReserved": "2022-11-18T13:01:58.873Z",
"dateUpdated": "2024-08-03T01:27:54.541Z",
"requesterUserId": "dc9e157c-ddf1-4983-adaf-9f01d16b5e04",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0169 (GCVE-0-2022-0169)
Vulnerability from cvelistv5
Published
2022-03-14 14:41
Modified
2024-08-02 23:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709c | x_refsource_MISC | |
| https://plugins.trac.wordpress.org/changeset/2672822/photo-gallery#file9 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: 1.6.0 < 1.6.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2672822/photo-gallery#file9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.6.0",
"status": "affected",
"version": "1.6.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T14:41:22",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2672822/photo-gallery#file9"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Photo Gallery by 10Web \u003c 1.6.0 - Unauthenticated SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0169",
"STATE": "PUBLIC",
"TITLE": "Photo Gallery by 10Web \u003c 1.6.0 - Unauthenticated SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.6.0",
"version_value": "1.6.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709c"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2672822/photo-gallery#file9",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2672822/photo-gallery#file9"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0169",
"datePublished": "2022-03-14T14:41:22",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9335 (GCVE-0-2020-9335)
Vulnerability from cvelistv5
Published
2020-02-25 16:35
Modified
2024-08-04 10:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wordpress.org/plugins/photo-gallery/#developers | x_refsource_MISC | |
| https://wpvulndb.com/vulnerabilities/10088 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/10088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-25T16:35:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/10088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/photo-gallery/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
},
{
"name": "https://wpvulndb.com/vulnerabilities/10088",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/10088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9335",
"datePublished": "2020-02-25T16:35:58",
"dateReserved": "2020-02-22T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33586 (GCVE-0-2024-33586)
Vulnerability from cvelistv5
Published
2024-04-29 12:42
Modified
2024-08-02 02:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Photo Gallery Team | Photo Gallery by 10Web |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T16:15:27.359338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:44:31.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-20-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "photo-gallery",
"product": "Photo Gallery by 10Web",
"vendor": "Photo Gallery Team",
"versions": [
{
"changes": [
{
"at": "1.8.21",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.8.20",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Steven Julian (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.\u003cp\u003eThis issue affects Photo Gallery by 10Web: from n/a through 1.8.20.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T12:42:29.219Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-20-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 1.8.21 or a higher version."
}
],
"value": "Update to 1.8.21 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Photo Gallery by 10Web plugin \u003c= 1.8.20 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-33586",
"datePublished": "2024-04-29T12:42:29.219Z",
"dateReserved": "2024-04-24T15:01:58.367Z",
"dateUpdated": "2024-08-02T02:36:04.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29833 (GCVE-0-2024-29833)
Vulnerability from cvelistv5
Published
2024-03-26 15:30
Modified
2024-08-02 16:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 10Web | PhotoGallery |
Version: 1.0.1 ≤ 1.8.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:17:57.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:10web:photo_gallery:1.0.1:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "photo_gallery",
"vendor": "10web",
"versions": [
{
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29833",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T16:46:02.579848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T16:46:09.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PhotoGallery",
"vendor": "10Web",
"versions": [
{
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AppCheck Ltd."
}
],
"descriptions": [
{
"lang": "en",
"value": "The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature, however once uploaded the payload is also accessible to unauthenticated users."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63: Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:30:28.269Z",
"orgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"shortName": "AppCheck"
},
"references": [
{
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"title": "WordPress Photo Gallery Plugin \u003c= 1.8.21 Stored Cross Site Scripting in UploadHandler",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"assignerShortName": "AppCheck",
"cveId": "CVE-2024-29833",
"datePublished": "2024-03-26T15:30:28.269Z",
"dateReserved": "2024-03-20T09:56:32.456Z",
"dateUpdated": "2024-08-02T16:46:09.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9878 (GCVE-0-2024-9878)
Vulnerability from cvelistv5
Published
2024-11-05 09:30
Modified
2024-11-05 13:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 10web | Photo Gallery by 10Web – Mobile-Friendly Image Gallery |
Version: * ≤ 1.8.30 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T13:29:40.386095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T13:29:57.917Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery",
"vendor": "10web",
"versions": [
{
"lessThanOrEqual": "1.8.30",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "tmrswrr"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:30:58.925Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bfa1192b-34f5-4b71-8fff-14f2d4ac4aca?source=cve"
},
{
"url": "https://packetstormsecurity.com/files/179357/WordPress-Photo-Gallery-1.8.26-Cross-Site-Scripting.html"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3180567%40photo-gallery%2Ftrunk\u0026old=3171538%40photo-gallery%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file12"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-04T21:24:54.000+00:00",
"value": "Disclosed"
}
],
"title": "Photo Gallery by 10Web \u003c= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9878",
"datePublished": "2024-11-05T09:30:58.925Z",
"dateReserved": "2024-10-11T18:12:37.932Z",
"dateUpdated": "2024-11-05T13:29:57.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5968 (GCVE-0-2024-5968)
Vulnerability from cvelistv5
Published
2024-10-09 06:00
Modified
2024-11-05 18:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/db73e8d8-feb1-4daa-937e-a73969a93bcc/ | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T13:38:19.458682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T18:24:39.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Photo Gallery by 10Web",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.8.28",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T06:00:05.106Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/db73e8d8-feb1-4daa-937e-a73969a93bcc/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Photo Gallery by 10Web \u003c= 1.8.27 - Admin+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-5968",
"datePublished": "2024-10-09T06:00:05.106Z",
"dateReserved": "2024-06-13T12:47:21.028Z",
"dateUpdated": "2024-11-05T18:24:39.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29809 (GCVE-0-2024-29809)
Vulnerability from cvelistv5
Published
2024-03-26 15:27
Modified
2024-08-02 16:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 10Web | PhotoGallery |
Version: 1.0.1 ≤ 1.8.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:17:58.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:10web:photo_gallery:1.0.1:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "photo_gallery",
"vendor": "10web",
"versions": [
{
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29809",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T16:37:53.995247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T16:39:55.380Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PhotoGallery",
"vendor": "10Web",
"versions": [
{
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AppCheck Ltd."
}
],
"descriptions": [
{
"lang": "en",
"value": "The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63: Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:27:56.092Z",
"orgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"shortName": "AppCheck"
},
"references": [
{
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"title": "WordPress Photo Gallery Plugin \u003c= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_url",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"assignerShortName": "AppCheck",
"cveId": "CVE-2024-29809",
"datePublished": "2024-03-26T15:27:56.092Z",
"dateReserved": "2024-03-19T16:26:38.384Z",
"dateUpdated": "2024-08-02T16:39:55.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10704 (GCVE-0-2024-10704)
Vulnerability from cvelistv5
Published
2024-11-29 06:00
Modified
2024-11-29 14:51
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/6c115117-11c0-4c9e-9988-8547c9364c01/ | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Photo Gallery by 10Web |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:photo_gallery_by_10web_wordpress:photo_gallery_by_10web_wordpress:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "photo_gallery_by_10web_wordpress",
"vendor": "photo_gallery_by_10web_wordpress",
"versions": [
{
"lessThan": "1.8.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-10704",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T14:47:18.285495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T14:51:23.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Photo Gallery by 10Web",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.8.31",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T06:00:07.129Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/6c115117-11c0-4c9e-9988-8547c9364c01/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Photo Gallery by 10Web \u003c 1.8.31 - Admin+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-10704",
"datePublished": "2024-11-29T06:00:07.129Z",
"dateReserved": "2024-11-01T17:49:46.621Z",
"dateUpdated": "2024-11-29T14:51:23.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29832 (GCVE-0-2024-29832)
Vulnerability from cvelistv5
Published
2024-03-26 15:24
Modified
2024-08-02 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No authentication is required to exploit this issue.
Note that other parameters within a AJAX call, such as image_id, must be valid for this vulnerability to be successfully exploited.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| 10Web | PhotoGallery |
Version: 1.0.1 ≤ 1.8.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:17:58.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:10web:photo_gallery:1.0.1:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "photo_gallery",
"vendor": "10web",
"versions": [
{
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29832",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T16:40:33.183447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T16:41:57.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PhotoGallery",
"vendor": "10Web",
"versions": [
{
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "1.0.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AppCheck Ltd."
}
],
"descriptions": [
{
"lang": "en",
"value": "The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No authentication is required to exploit this issue.\nNote that other parameters within a AJAX call, such as image_id, must be valid for this vulnerability to be successfully exploited."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63: Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:24:24.084Z",
"orgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"shortName": "AppCheck"
},
"references": [
{
"url": "https://appcheck-ng.com/xss-vulnerabilities-discovered-10web-photogallery-wordpress-plugin/"
},
{
"url": "https://wordpress.org/plugins/photo-gallery/#developers"
}
],
"title": "WordPress Photo Gallery Plugin \u003c= 1.8.21 Unauthenticated Reflected Cross Site Scripting in GalleryBox current_url",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
"assignerShortName": "AppCheck",
"cveId": "CVE-2024-29832",
"datePublished": "2024-03-26T15:24:24.084Z",
"dateReserved": "2024-03-20T09:56:32.456Z",
"dateUpdated": "2024-08-02T16:41:57.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}