Approved changes feed: RSS · Atom

cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor10Web (a48aaa7e-f686-5cd9-9b59-60b5c3bf60d0)
ProductPhoto Gallery (fc3ac136-ce28-539a-9648-4f410b3a7ae1)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-0613 vulnerable 2026-06-08 07:02:24.948826 Photo Gallery < 1.8.34 - Unauthenticated Stored XSS
The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed
Published: 2025-03-31T06:00:01.529Z
Updated: 2025-03-31T14:59:55.246Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-9878 vulnerable 2026-06-08 07:00:28.837825 Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting
MEDIUM (4.4)
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2024-11-05T09:30:58.925Z
Updated: 2026-04-08T17:19:29.127Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8670 vulnerable 2026-06-08 07:00:25.363915 Photo Gallery by 10Web < 1.8.29 - Admin+ Stored XSS
The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Published: 2025-05-15T20:07:17.244Z
Updated: 2025-05-20T18:43:34.543Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-5968 vulnerable 2026-06-08 06:56:18.099296 Photo Gallery by 10Web <= 1.8.27 - Admin+ Stored XSS
The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Published: 2024-10-09T06:00:05.106Z
Updated: 2024-11-05T18:24:39.752Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-5481 vulnerable 2026-06-08 06:56:16.147872 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function
MEDIUM (6.8)
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors.
Published: 2024-06-07T09:33:36.357Z
Updated: 2026-04-08T17:01:35.978Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-5426 vulnerable 2026-06-08 06:56:15.992015 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-44043 vulnerable 2026-06-08 06:45:53.483164 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-35628 vulnerable 2026-06-08 06:39:42.175430 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-33586 vulnerable 2026-06-08 06:37:31.699528 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-32583 vulnerable 2026-06-08 06:37:23.256476 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2296 vulnerable 2026-06-08 06:33:30.787852 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-29833 vulnerable 2026-06-08 06:33:29.422251 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-29832 vulnerable 2026-06-08 06:33:29.421678 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-29810 vulnerable 2026-06-08 06:33:29.375727 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-29809 vulnerable 2026-06-08 06:33:29.375191 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-29808 vulnerable 2026-06-08 06:33:29.374326 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-13124 vulnerable 2026-06-08 06:25:36.756632 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10704 vulnerable 2026-06-08 06:23:47.318772 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0221 vulnerable 2026-06-08 06:22:00.052027 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6924 vulnerable 2026-06-08 06:21:56.342818 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-33995 vulnerable 2026-06-08 06:06:24.170332 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-1427 vulnerable 2026-06-08 05:52:35.901985 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4058 vulnerable 2026-06-08 05:51:36.669646 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-1394 vulnerable 2026-06-08 05:39:13.100650 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-1282 vulnerable 2026-06-08 05:39:12.615297 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-1281 vulnerable 2026-06-08 05:39:12.614840 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-0169 vulnerable 2026-06-08 05:39:09.388961 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46889 vulnerable 2026-06-08 05:38:06.256274 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-31693 vulnerable 2026-06-08 05:31:53.843798 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25041 vulnerable 2026-06-08 05:30:39.851665 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-24363 vulnerable 2026-06-08 05:30:04.245970 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-24362 vulnerable 2026-06-08 05:30:04.245588 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-24310 vulnerable 2026-06-08 05:30:04.161062 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-24291 vulnerable 2026-06-08 05:30:04.127574 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-24139 vulnerable 2026-06-08 05:30:03.845820 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-9335 vulnerable 2026-06-08 05:27:21.213125 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-16119 vulnerable 2026-06-08 05:13:07.752826 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-16118 vulnerable 2026-06-08 05:13:07.752456 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-16117 vulnerable 2026-06-08 05:13:07.751888 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-14798 vulnerable 2026-06-08 05:12:56.027822 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-14797 vulnerable 2026-06-08 05:12:56.027491 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-14313 vulnerable 2026-06-08 05:12:54.552287 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-12977 vulnerable 2026-06-08 05:08:48.217056 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-9380 vulnerable 2026-06-08 05:07:13.633492 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-2324 vulnerable 2026-06-08 05:06:28.028176 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-1394 vulnerable 2026-06-08 05:06:25.538633 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-1393 vulnerable 2026-06-08 05:06:25.538191 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.