
CVE-2021-24291 – Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24291
19 Apr 2021 — The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users). • https://packetstormsecurity.com/files/162227 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-25041 – Photo Gallery by 10Web < 1.5.68 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-25041
03 Feb 2021 — The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action. • https://plugins.trac.wordpress.org/changeset/2467205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-24132 – Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-24132
29 Sep 2020 — The bulk_action, export_full and save_slider_db functionalities of the Slider by 10Web WordPress plugin, versions before 1.2.36, were vulnerable, allowing a high-privileged user (Admin), or a medium-privileged one such as Contributor+ (if "Role Options" is turned on for other users), to perform SQL injection attacks. • https://wpscan.com/vulnerability/c1f45000-6c16-4606-be80-1938a755af2c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2020-36756 – 10WebAnalytics <= 1.2.8 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2020-36756
16 Sep 2020 — The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the create_csv_file() function. This makes it possible for unauthenticated attackers to create a CSV file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2021-24139 – Photo Gallery by 10Web < 1.5.55 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-24139
15 May 2020 — Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter. • https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2020-9335 – Photo Gallery by 10Web <= 1.5.45 - Multiple Cross-Site Scripting Issues
https://notcve.org/view.php?id=CVE-2020-9335
25 Feb 2020 — Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of this vulnerability would allow an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users. • https://wordpress.org/plugins/photo-gallery/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-16117 – Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-16117
08 Sep 2019 — Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php. WordPress Photo Gallery plugin version 1.5.34 suffers from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/154433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-16118 – Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-16118
08 Sep 2019 — Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php. WordPress Photo Gallery plugin version 1.5.34 suffers from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/154433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-16119 – Photo Gallery by 10Web <= 1.5.34 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-16119
08 Sep 2019 — SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. WordPress Photo Gallery plugin version 1.5.34 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/154432 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-14313 – Photo Gallery by 10Web <= 1.5.30 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-14313
26 Jul 2019 — A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. • https://fortiguard.com/zeroday/FG-VD-19-101 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')