Vulnerabilities (CVE)

Vendor filter

10web Subscribe

Filter

13 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16119 1 10web 1 Photo Gallery 2019-09-10 7.5
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
CVE-2019-16118 1 10web 1 Photo Gallery 2019-09-10 4.3
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.
CVE-2019-16117 1 10web 1 Photo Gallery 2019-09-10 4.3
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.
CVE-2015-9380 1 10web 1 Photo Gallery 2019-09-03 6.8
The photo-gallery plugin before 1.2.42 for WordPress has CSRF.
CVE-2019-14797 1 10web 1 Photo Gallery 2019-08-14 3.5
The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.
CVE-2019-14798 1 10web 1 Photo Gallery 2019-08-14 4.0
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
CVE-2019-14313 1 10web 1 Photo Gallery 2019-08-13 10.0
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via...
CVE-2019-10866 1 10web 1 Form Maker 2019-08-03 7.5
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
CVE-2017-12977 2 Web-dorado, 10web 2 Photo Gallery, Photo Gallery 2019-07-08 6.5
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It...
CVE-2015-2324 2 Web-dorado, 10web 2 Photo Gallery, Photo Gallery 2019-07-08 3.5
Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1393 2 Web-dorado, 10web 2 Photo Gallery, Photo Gallery 2019-07-08 6.5
SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to...
CVE-2015-1055 2 Web-dorado, 10web 2 Photo Gallery, Photo Gallery 2019-07-08 7.5
SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php.
CVE-2014-9312 2 Web-dorado, 10web 2 Photo Gallery, Photo Gallery 2019-07-08 6.5
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.