Photo Gallery by 10Web
10Web
Developer
1.8.39
Latest version
200,000
Installations
No date
Last updated
Vulnerability history
0 present
40 patched
14 Mitigation rules
- Cross Site Request Forgery (CSRF) vulnerability<= 1.8.3708/02/2026
- Admin+ Stored XSS vulnerability< 1.8.3130/01/2026
- Missing Authorization to Unauthenticated Arbitrary Comment Deletion vulnerability<= 1.8.3621/01/2026
- Cross Site Scripting (XSS) vulnerability<= 1.8.3825/12/2025
- Admin+ Stored XSS vulnerability< 1.8.2919/05/2025
- WordPress Photo Gallery by 10Web plugin <= 1.8.34 Reflected Cross-Site Scripting via 'image_id' Parameter vulnerability<= 1.8.3411/04/2025
- Unauthenticated Stored XSS vulnerability< 1.8.3431/03/2025
- Admin+ Stored XSS vulnerability< 1.8.3324/03/2025
- Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability<= 1.8.3004/11/2024
- Admin+ Stored XSS vulnerability<= 1.8.2709/10/2024
- Cross Site Scripting (XSS) vulnerability<= 1.8.2723/09/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG vulnerability<= 1.8.2307/06/2024
- Authenticated (Contributor+) Path Traversal via esc_dir Function vulnerability<= 1.8.2307/06/2024
- Broken Access Control vulnerability<= 1.8.2527/05/2024
- Broken Access Control vulnerability<= 1.8.2025/04/2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 1.8.2116/04/2024
- Authenticated (Admin+) Stored Cross-Site Scripting via SVG vulnerability<= 1.8.2108/04/2024
- WordPress Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin <= 1.8.19 - Directory Traversal to Arbitrary File Rename vulnerability<= 1.8.1922/01/2024
- Authenticated Stored Cross-Site Scripting via Widget vulnerability<= 1.8.1821/12/2023
- Broken Access Control vulnerability<= 1.8.1519/06/2023
- Admin+ Path Traversal vulnerability< 1.8.1518/04/2023
- Stored XSS via CSRF vulnerability< 1.8.318/04/2023
- Reflected Cross-Site Scripting (XSS) vulnerability<= 1.7.010/08/2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 1.6.316/05/2022
- Unauthenticated SQL Injection (SQLi) vulnerability<= 1.6.211/04/2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 1.6.211/04/2022
- Multiple Reflected Cross-Site Scripting (XSS) vulnerabilities<= 1.5.7319/05/2021
- Cross-Site Scripting (XSS) vulnerability<= 1.5.6818/02/2021
- Reflected Cross-Site Scripting (XSS) vulnerability<= 1.5.6704/02/2021
- Unauthenticated SQL Injection (SQLi) vulnerability<= 1.5.5415/05/2020
- Multiple Cross-Site Scripting (XSS) vulnerabilities<= 1.5.4525/02/2020
- SQL Injection (SQLi) vulnerability<= 1.5.3409/09/2019
- Cross-Site Scripting (XSS) vulnerability<= 1.5.3409/09/2019
- SQL Injection (SQLi) vulnerability<= 1.5.3026/07/2019
- Cross-Site Scripting (XSS) vulnerability<= 1.3.6626/02/2018
- SQL Injection vulnerability1.3.2905/05/2017
- SQL Injection<= 1.2.10027/01/2015
- SQL Injection<= 1.2.716/01/2015
- Multiple XSS<= 1.1.3011/09/2014
- Cross Site Request Forgery<= 1.2.4107/05/2014