CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33586 – WordPress Photo Gallery by 10Web plugin <= 1.8.20 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33586
25 Apr 2024 — Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20. Vulnerabilidad de autorización faltante en Photo Gallery Team Photo Gallery de 10Web. Este problema afecta a Photo Gallery de 10Web: desde n/a hasta 1.8.20. The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8... • https://patchstack.com/database/vulnerability/photo-gallery/wordpress-photo-gallery-by-10web-plugin-1-8-20-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29919 – WordPress Photo Gallery by Ays Plugin <=5.5.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29919
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Reflected XSS.This issue affects Photo Gallery by Ays: from n/a through 5.5.2. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Photo Gallery Team Photo Gallery by Ays permite XSS reflejado. Este problema afecta a Photo Gallery by Ays: desde n/a hasta 5.5.2. The Photo Gallery by Ays pl... • https://patchstack.com/database/vulnerability/gallery-photo-gallery/wordpress-photo-gallery-by-ays-plugin-5-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23518 – WordPress ACF Photo Gallery Field plugin <= 2.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-23518
30 Jan 2024 — Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6. Vulnerabilidad de autorización faltante en Navneil Naicker ACF Photo Gallery Field. Este problema afecta a ACF Photo Gallery Field: desde n/a hasta 2.6. The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the apgf_update_donation function in versions up to and including 2.6. This m... • https://patchstack.com/database/vulnerability/navz-photo-gallery/wordpress-acf-photo-gallery-field-plugin-2-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33995 – WordPress Photo Gallery by 10Web plugin <= 1.8.15 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-33995
02 Jun 2023 — Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15. The Photo Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_score function called via an AJAX action in versions up to, and including, 1.8.15. This makes it possible for authenticated attackers, with minimal permissions ... • https://patchstack.com/database/wordpress/plugin/photo-gallery/vulnerability/wordpress-photo-gallery-by-10web-plugin-1-8-15-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2776 – code-projects Simple Photo Gallery unrestricted upload
https://notcve.org/view.php?id=CVE-2023-2776
17 May 2023 — A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. The attack can be initiated remotely. • https://gitee.com/zyz0103/system-vul/blob/master/Simple%20Photo%20Gallery%20In%20PHP%20With%20Source%20Code%20has%20file%20upload%20vulnerability.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2014-9441 – Lightbox Photo Gallery <= 1.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-9441
12 Dec 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php. Múltiples vulnerabilidades de CSRF en el plugin Lightbox Photo Gallery 1.0 para WordPre... • http://packetstormsecurity.com/files/129507 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2014-6315 – Photo Gallery by 10Web <= 1.1.30 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-6315
01 Oct 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php. Múltiples vulnerabilidades de XSS en el plugin Web-Dorado Photo Gallery 1.1.30 y anteriores para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1... • https://packetstorm.news/files/id/128518 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2014-4529 – Flash Photo Gallery <= 0.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4529
25 Apr 2014 — Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Flash Photo Gallery plugin 0.7 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter. Vulnerabilidad de XSS en fpg_preview.php en el plugin Flash Photo Gallery 0.7 y anteriores para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro path. • http://codevigilant.com/disclosure/wp-plugin-flash-photo-gallery-a3-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2003-1525
https://notcve.org/view.php?id=CVE-2003-1525
31 Dec 2003 — Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors. • http://www.fuzzymonkey.org/newfuzzy/software/perl/photo/README.html •