10Web Photo Gallery vulnerabilities

49 known vulnerabilities affecting 10web/photo_gallery.

Total CVEs: 49
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 6, MEDIUM 37, LOW 1

Vulnerabilities

Page 3 of 3
CVE-2015-9380 | HIGH | CVSS 8.8 | fixed in 1.2.42 | 2019-08-30
CWE-352: The photo-gallery plugin before 1.2.42 for WordPress has CSRF.
nvd
CVE-2019-14798 | MEDIUM | CVSS 4.9 | fixed in 1.5.25 | 2019-08-09
CWE-22: The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
nvd
CVE-2019-14797 | MEDIUM | CVSS 5.4 | fixed in 1.5.23 | 2019-08-09
CWE-79: The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.
nvd
CVE-2019-14313 | CRITICAL | CVSS 9.8 | fixed in 1.5.31 | 2019-07-30
CWE-89: A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.
nvd
CVE-2015-2324 | MEDIUM | CVSS 5.4 | fixed in 1.2.13 | 2018-02-19
CWE-79: Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-9312 | HIGH | CVSS 8.8 | PoC | v1.2.5 | 2017-08-28
CWE-434: Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
nvd
CVE-2017-12977 | HIGH | CVSS 7.2 | ≤ 1.3.50 | 2017-08-21
CWE-89: The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter.
nvd
CVE-2015-1393 | MEDIUM | CVSS 6.5 | ≤ 1.2.9 | 2015-02-02
CWE-89: SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php.
nvd
CVE-2015-1055 | HIGH | CVSS 7.5 | v1.2.7 | 2015-01-16
CWE-89: SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php.
nvd