📦

photo_gallery

Vendor: 10web

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 5 Code Available
Total RCEs 1 Remote Access
Total CVEs 98 Total Indexed
Avg. EPSS 5.77% Exploit Prob.
Latest CVE CVE-2024-8670 May 15

Security Vulnerability Index

Page 5 / 10
8.8 CVSS
CVE-2015-9380

The photo-gallery plugin before 1.2.42 for WordPress has CSRF.

EPSS: 0.22%
4.9 CVSS
CVE-2019-14798

The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.

EPSS: 0.68%
5.4 CVSS
CVE-2019-14797

The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.

EPSS: 0.35%
9.8 CVSS
CVE-2019-14313

A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.

EPSS: 4.06%
5.4 CVSS
CVE-2015-2324

Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors.

EPSS: 0.12%
8.8 CVSS
CVE-2014-9312
RCE Exploit Found

Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.

EPSS: 76.45%
7.2 CVSS
CVE-2017-12977

The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter.

EPSS: 0.51%
6.5 CVSS
CVE-2015-1393

SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php.

EPSS: 0.32%
7.5 CVSS
CVE-2015-1055

SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php.

EPSS: 0.53%