Photo Gallery by 10Web
10Web
Developer
1.8.39
Latest version
200,000
Installations
No date
Last updated
Vulnerability history
0 present
39 patched
14 Mitigation rules
- Admin+ Stored XSS vulnerability< 1.8.31Jan 30, 2026
- Missing Authorization to Unauthenticated Arbitrary Comment Deletion vulnerability<= 1.8.36Jan 21, 2026
- Cross Site Scripting (XSS) vulnerability<= 1.8.38Dec 25, 2025
- Admin+ Stored XSS vulnerability< 1.8.29May 19, 2025
- WordPress Photo Gallery by 10Web plugin <= 1.8.34 Reflected Cross-Site Scripting via 'image_id' Parameter vulnerability<= 1.8.34Apr 11, 2025
- Unauthenticated Stored XSS vulnerability< 1.8.34Mar 31, 2025
- Admin+ Stored XSS vulnerability< 1.8.33Mar 24, 2025
- Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability<= 1.8.30Nov 4, 2024
- Admin+ Stored XSS vulnerability<= 1.8.27Oct 9, 2024
- Cross Site Scripting (XSS) vulnerability<= 1.8.27Sep 23, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG vulnerability<= 1.8.23Jun 7, 2024
- Authenticated (Contributor+) Path Traversal via esc_dir Function vulnerability<= 1.8.23Jun 7, 2024
- Broken Access Control vulnerability<= 1.8.25May 27, 2024
- Broken Access Control vulnerability<= 1.8.20Apr 25, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 1.8.21Apr 16, 2024
- Authenticated (Admin+) Stored Cross-Site Scripting via SVG vulnerability<= 1.8.21Apr 8, 2024
- WordPress Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin <= 1.8.19 - Directory Traversal to Arbitrary File Rename vulnerability<= 1.8.19Jan 22, 2024
- Authenticated Stored Cross-Site Scripting via Widget vulnerability<= 1.8.18Dec 21, 2023
- Broken Access Control vulnerability<= 1.8.15Jun 19, 2023
- Admin+ Path Traversal vulnerability< 1.8.15Apr 18, 2023
- Stored XSS via CSRF vulnerability< 1.8.3Apr 18, 2023
- Reflected Cross-Site Scripting (XSS) vulnerability<= 1.7.0Aug 10, 2022
- Stored Cross-Site Scripting (XSS) vulnerability<= 1.6.3May 16, 2022
- Unauthenticated SQL Injection (SQLi) vulnerability<= 1.6.2Apr 11, 2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 1.6.2Apr 11, 2022
- Multiple Reflected Cross-Site Scripting (XSS) vulnerabilities<= 1.5.73May 19, 2021
- Cross-Site Scripting (XSS) vulnerability<= 1.5.68Feb 18, 2021
- Reflected Cross-Site Scripting (XSS) vulnerability<= 1.5.67Feb 4, 2021
- Unauthenticated SQL Injection (SQLi) vulnerability<= 1.5.54May 15, 2020
- Multiple Cross-Site Scripting (XSS) vulnerabilities<= 1.5.45Feb 25, 2020
- SQL Injection (SQLi) vulnerability<= 1.5.34Sep 9, 2019
- Cross-Site Scripting (XSS) vulnerability<= 1.5.34Sep 9, 2019
- SQL Injection (SQLi) vulnerability<= 1.5.30Jul 26, 2019
- Cross-Site Scripting (XSS) vulnerability<= 1.3.66Feb 26, 2018
- SQL Injection vulnerability1.3.29May 5, 2017
- SQL Injection<= 1.2.100Jan 27, 2015
- SQL Injection<= 1.2.7Jan 16, 2015
- Multiple XSS<= 1.1.30Sep 11, 2014
- Cross Site Request Forgery<= 1.2.41May 7, 2014