3 results (0.002 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

30 Jun 2025 — Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Gallery allows Using Malicious Files. This issue affects FW Gallery: from n/a through 8.0.0. The FW Gallery – Photo, video, audio media presentation and management system with players and slideshow plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 8.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affect... • https://patchstack.com/database/wordpress/plugin/fw-gallery/vulnerability/wordpress-fw-gallery-8-0-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

25 Jun 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fastw3b LLC FW Gallery allows PHP Local File Inclusion. This issue affects FW Gallery: from n/a through 8.0.0. The FW Gallery plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 8.0.0. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi... • https://patchstack.com/database/wordpress/plugin/fw-gallery/vulnerability/wordpress-fw-gallery-8-0-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

10 Jun 2025 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Gallery allows Path Traversal. This issue affects FW Gallery: from n/a through 8.0.0. The FW Gallery – Photo, video, audio media presentation and management system with players and slideshow plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 8.0.0. This makes it possible for unauthenticated attac... • https://patchstack.com/database/wordpress/plugin/fw-gallery/vulnerability/wordpress-fw-gallery-8-0-0-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •