Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total11
Critical1
High0
Medium9
Reset
Showing 1-11 of 11 records
Threat Entry Updated 2025-06-04

CVE-2024-8670 - Photo Gallery By 10web Plugin

The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Photo Gallery By 10web

CVE-2024-8670

MEDIUM CVSS 4.8 2025-05-15
Open Full Technical Breakdown
Threat Entry Updated 2025-05-13

CVE-2025-0613 - Photo Gallery By 10web Plugin

The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed

PLUGIN Photo Gallery By 10web

CVE-2025-0613

MEDIUM CVSS 6.1 2025-03-31
Open Full Technical Breakdown
Threat Entry Updated 2025-05-13

CVE-2024-13124 - Photo Gallery By 10web Plugin

The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Photo Gallery By 10web

CVE-2024-13124

LOW CVSS 3.5 2025-03-24
Open Full Technical Breakdown
Threat Entry Updated 2025-05-07

CVE-2024-10704 - Photo Gallery By 10web Plugin

The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Photo Gallery By 10web

CVE-2024-10704

MEDIUM CVSS 4.8 2024-11-29
Open Full Technical Breakdown
Threat Entry Updated 2025-05-06

CVE-2024-5968 - Photo Gallery By 10web Plugin

The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Photo Gallery By 10web

CVE-2024-5968

MEDIUM CVSS 4.8 2024-10-09
Open Full Technical Breakdown
Threat Entry Updated 2025-06-03

CVE-2023-6924 - Photo Gallery By 10web Plugin

The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It can also be exploited with a contributor-level permission with a page builder plugin.

PLUGIN Photo Gallery By 10web

CVE-2023-6924

MEDIUM CVSS 4.4 2024-01-11
Open Full Technical Breakdown
Threat Entry Updated 2025-02-06

CVE-2023-1427 - Photo Gallery By 10web Plugin

- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.

PLUGIN Photo Gallery By 10web

CVE-2023-1427

MEDIUM CVSS 4.9 2023-04-17
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-1394 - Photo Gallery By 10web Plugin

The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

PLUGIN Photo Gallery By 10web

CVE-2022-1394

MEDIUM CVSS 4.8 2022-06-08
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-1282 - Photo Gallery By 10web Plugin

The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action.

PLUGIN Photo Gallery By 10web

CVE-2022-1282

MEDIUM CVSS 6.1 2022-05-02
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-0169 - Photo Gallery By 10web Plugin

The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection

PLUGIN Photo Gallery By 10web

CVE-2022-0169

CRITICAL CVSS 9.8 2022-03-14
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-25041 - Photo Gallery By 10web Plugin

The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action

PLUGIN Photo Gallery By 10web

CVE-2021-25041

MEDIUM CVSS 6.1 2021-12-06
Open Full Technical Breakdown
Scroll to top