CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9335 – Photo Gallery by 10Web <= 1.5.45 - Multiple Cross-Site Scripting Issues
https://notcve.org/view.php?id=CVE-2020-9335
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users. Múltiples vulnerabilidades de tipo XSS almacenado se presentan en el plugin 10Web Photo Gallery versiones anteriores a 1.5.46 en WordPress. Una explotación con éxito de esta vulnerabilidad permitiría a un usuario administrador autentificado inyectar código JavaScript arbitrario que es visualizado por otros usuarios. • https://wordpress.org/plugins/photo-gallery/#developers https://wpvulndb.com/vulnerabilities/10088 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-16118 – Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-16118
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php. Secuencias de comandos de sitios cruzados (XSS) en el plugin de galería de fotos (10Web Photo Gallery) anterior de la versión 1.5.35 para WordPress existe a través de admin / controllers / Options.php. WordPress Photo Gallery plugin version 1.5.34 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/47373 http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Options.php?old=2142624&old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FOptions.php https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/js/bwg.js?old=2135029&old_path=photo-gallery%2Ftrunk%2Fjs%2Fbwg.js https://wordpress.org/plugins/photo-gallery/#developers& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 94%CPEs: 1EXPL: 1CVE-2019-16119 – Photo Gallery by 10Web <= 1.5.34 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-16119
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter. La inyección SQL en el plugin de galería de fotos (10Web Photo Gallery) en versiones anteriores a la 1.5.35 para WordPress existe a través del parámetro admin/controllers/Albumsgalleries.php album_id. WordPress Photo Gallery plugin version 1.5.34 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/47371 http://packetstormsecurity.com/files/154432/WordPress-Photo-Gallery-1.5.34-SQL-Injection.html https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/controllers/Albumsgalleries.php?old=1845136&old_path=photo-gallery%2Ftrunk%2Fadmin%2Fcontrollers%2FAlbumsgalleries.php https://wordpress.org/plugins/photo-gallery/#developers https://wpvulndb.com/vulnerabilities/9872 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2019-16117 – Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-16117
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php. Secuencias de comandos de sitios cruzados (XSS) en el complemento de galería de fotos (10Web Photo Gallery) anterior de la versión 1.5.35 para WordPress existe a través de admin / models / Galleries.php. WordPress Photo Gallery plugin version 1.5.34 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/47372 http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/models/Galleries.php?old=2135029&old_path=photo-gallery%2Ftrunk%2Fadmin%2Fmodels%2FGalleries.php https://wordpress.org/plugins/photo-gallery/#developers https://wpvulndb.com/vulnerabilities/9872 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14313 – Photo Gallery by 10Web <= 1.5.30 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-14313
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php. Se presenta una vulnerabilidad de inyección SQL en el plugin 10Web Photo Gallery anterior a versión 1.5.31 para WordPress. La explotación con éxito de esta vulnerabilidad permitiría a un atacante remoto ejecutar comandos SQL arbitrarios en el sistema afectado por medio del archivo filemanager/model.php. • https://fortiguard.com/zeroday/FG-VD-19-101 https://plugins.trac.wordpress.org/changeset/2128378 https://wordpress.org/plugins/photo-gallery/#developers https://wpvulndb.com/vulnerabilities/9480 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •