CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1427 – Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal
https://notcve.org/view.php?id=CVE-2023-1427
- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector. The Photo Gallery plugin by 10Web for WordPress is vulnerable to Directory Traversal in versions up to, and including, 1.8.14 via the dir parameter. This allows authenticated attackers with administrator-level permissions to upload files to arbitrary directories on the server. • https://wpscan.com/vulnerability/c8917ba2-4cb3-4b09-8a49-b7c612254946 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4058 – Photo Gallery < 1.8.3 - Stored XSS via CSRF
https://notcve.org/view.php?id=CVE-2022-4058
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control. El complemento Photo Gallery de 10Web para WordPress anterior a 1.8.3 no valida ni escapa algunos parámetros antes de volver a generarlos en código JS más adelante en otra página, lo que podría provocar un problema de XSS almacenado cuando un atacante hace que un administrador que ha iniciado sesión abra un archivo malicioso, URL o página bajo su control. The Photo Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation one of its functions. This makes it possible for unauthenticated attackers to inject malicious JavaScript, that will execute whenever a user accesses a page under their control. • https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1394 – Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1394
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed El plugin Photo Gallery by 10Web de WordPress versiones anteriores a 1.6.4, no comprueba ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios, como los administradores, llevar a cabo ataques de tipo Cross-Site Scripting cuando unfiltered_html no está permitido The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Watermark font size" and "Watermark opacity" fields in versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://wpscan.com/vulnerability/f7a0df37-3204-4926-84ec-2204a2f22de3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1281 – Photo Gallery < 1.6.3 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2022-1281
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible. El plugin Photo Gallery de WordPress versiones hasta 1.6.3, no escapa apropiadamente del parámetro $_POST["filter_tag"], que es anexado a una consulta SQL, haciendo posible ataques de inyección SQL • https://plugins.trac.wordpress.org/changeset/2706797/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php?old=2587758&old_path=photo-gallery%2Ftrunk%2Ffrontend%2Fmodels%2FBWGModelGalleryBox.php https://wpscan.com/vulnerability/2b4866f2-f511-41c6-8135-cf1e0263d8de • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1282 – Photo Gallery < 1.6.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1282
The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action. El plugin Photo Gallery by 10Web de WordPress versiones anteriores a 1.6.3, no sanea apropiadamente la variable $_GET["image_url"], que es reflejada en usuarios cuando es ejecutada la acción AJAX editimage_bwg • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2706798%40photo-gallery&old=2694928%40photo-gallery&sfp_email=&sfph_mail= https://wpscan.com/vulnerability/37a58f4e-d2bc-4825-8e1b-4aaf0a1cf1b6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •