CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46889 – Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.5.68 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-46889
The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693. The Photo Gallery by 10Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'theme_id' parameter in versions up to, and including, 1.5.68 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://packetstormsecurity.com/files/162227/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25041 – Photo Gallery by 10Web < 1.5.68 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-25041
The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action El plugin Photo Gallery by 10Web de WordPress versiones anteriores a 1.5.68, es vulnerable a problemas de tipo Cross-Site Scripting (XSS) Reflejado por medio de los parámetros GET bwg_album_breadcrumb_0 y shortcode_id pasados a la acción AJAX bwg_frontend_data • https://plugins.trac.wordpress.org/changeset/2467205 https://wpscan.com/vulnerability/32aee3ea-e0af-44da-a16c-102c83eaed8f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24139 – Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-24139
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter. Una entrada no comprobada en el plugin Photo Gallery de WordPress (10Web Photo Gallery), versiones anteriores a 1.5.55, conlleva a una inyección SQL por medio del parámetro bwg_search_x en el archivo frontend/models/model.php • https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9335 – Photo Gallery by 10Web <= 1.5.45 - Multiple Cross-Site Scripting Issues
https://notcve.org/view.php?id=CVE-2020-9335
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users. Múltiples vulnerabilidades de tipo XSS almacenado se presentan en el plugin 10Web Photo Gallery versiones anteriores a 1.5.46 en WordPress. Una explotación con éxito de esta vulnerabilidad permitiría a un usuario administrador autentificado inyectar código JavaScript arbitrario que es visualizado por otros usuarios. • https://wordpress.org/plugins/photo-gallery/#developers https://wpvulndb.com/vulnerabilities/10088 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2019-16117 – Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-16117
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php. Secuencias de comandos de sitios cruzados (XSS) en el complemento de galería de fotos (10Web Photo Gallery) anterior de la versión 1.5.35 para WordPress existe a través de admin / models / Galleries.php. WordPress Photo Gallery plugin version 1.5.34 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/47372 http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/models/Galleries.php?old=2135029&old_path=photo-gallery%2Ftrunk%2Fadmin%2Fmodels%2FGalleries.php https://wordpress.org/plugins/photo-gallery/#developers https://wpvulndb.com/vulnerabilities/9872 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •