Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Information

Software Type Plugin
Software Slug photo-gallery (view on wordpress.org)
Software Status Active
Software Author 10web
Software Website 10web.io
Software Downloads 18,703,387
Software Active Installs 200,000
Software Record Last Updated December 24, 2024

Showing 1-20 of 56 Vulnerabilities

6.1
CVE ID Unknown
Nov 3, 2022
Researchers:
Title Status CVE ID CVSS Researchers Date
Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.30 - Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2024-10704 4.4 Dmitrii Ignatyev November 14, 2024
Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2024-9878 4.4 tmrswrr November 4, 2024
Photo Gallery by 10Web <= 1.8.28 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2024-8670 4.4 Dmitrii Ignatyev October 3, 2024
Photo Gallery by 10Web <= 1.8.27 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2024-44043 4.4 Robert DeVore, Dmitrii Ignatyev September 23, 2024
Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function Patched CVE-2024-5481 6.8 Tobias Weißhaar (kun_19) June 6, 2024
Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG Patched CVE-2024-5426 6.4 Tobias Weißhaar (kun_19) June 6, 2024
Photo Gallery by 10Web <= 1.8.25 - Missing Authorization to Notice Dismissal Patched CVE-2024-35628 4.3 Dhabaleshwar Das May 27, 2024
Photo Gallery by 10Web <= 1.8.20 - Missing Authorization Patched CVE-2024-33586 5.3 Steven Julian April 25, 2024
Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG Patched CVE-2024-2296 5.5 Jobert Krohnen April 5, 2024
Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'image_url' Patched CVE-2024-29809 6.1 AppCheck March 26, 2024
Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'image_id' Patched CVE-2024-29808 6.1 AppCheck March 26, 2024
Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'current_url' Patched CVE-2024-29832 6.1 AppCheck March 26, 2024
Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'thumb_url' Patched CVE-2024-29810 6.1 AppCheck March 26, 2024
Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename Patched CVE-2024-0221 9.1 Bence Szalai January 19, 2024
Photo Gallery by 10Web <= 1.8.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Widget Patched CVE-2023-6924 4.4 István Márton December 21, 2023
Photo Gallery <= 1.8.15 - Missing Authorization Patched CVE-2023-33995 4.3 Rafshanzani Suhada June 2, 2023
Photo Gallery by 10Web <= 1.8.14 - Authenticated (Administrator+) Directory Traversal Patched CVE-2023-1427 4.9 Nguyen Huu Do March 21, 2023
Photo Gallery <= 1.8.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting Patched CVE-2022-4058 6.1 Krzysztof Zając November 28, 2022
Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.7 - Open Redirect Patched 5.4 November 26, 2022
Photo Gallery by 10Web <= 1.8.0 - Reflected Cross-Site Scripting Patched 6.1 November 3, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation