
CVSS: 6.1 • EPSS: 14% • CPEs: 1 • EXPL: 2

19 Apr 2021 — The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users). • https://packetstormsecurity.com/files/162227 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Feb 2021 — The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action. • https://plugins.trac.wordpress.org/changeset/2467205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 May 2020 — Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter. • https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Feb 2020 — Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of this vulnerability would allow an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users. • https://wordpress.org/plugins/photo-gallery/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 1% • CPEs: 1 • EXPL: 2

08 Sep 2019 — Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php. WordPress Photo Gallery plugin version 1.5.34 suffers from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/154433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 2% • CPEs: 1 • EXPL: 2

08 Sep 2019 — Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php. WordPress Photo Gallery plugin version 1.5.34 suffers from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/154433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 27% • CPEs: 1 • EXPL: 2

08 Sep 2019 — SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. WordPress Photo Gallery plugin version 1.5.34 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/154432 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 4% • CPEs: 1 • EXPL: 0

26 Jul 2019 — A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. • https://fortiguard.com/zeroday/FG-VD-19-101 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 May 2019 — The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter. • https://wordpress.org/plugins/photo-gallery/#developers • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 May 2019 — The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. • https://wordpress.org/plugins/photo-gallery/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')