Skip to main content

Photo Gallery By 10web

2 CVEs product

Monthly

CVE-2026-49771 HIGH This Week

Blind SQL injection in the Photo Gallery by 10Web WordPress plugin (versions up to and including 1.8.41) allows high-privileged authenticated users to inject crafted SQL fragments into a vulnerable query, exfiltrate database contents, and affect availability. CVSS 7.6 (Scope:Changed) reflects the cross-component impact possible from a successful injection within the WordPress database context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi Photo Gallery By 10web
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-32330 MEDIUM This Month

Photo Gallery by 10Web versions up to 1.8.37 contain a cross-site request forgery vulnerability that enables unauthenticated attackers to perform unauthorized actions on behalf of authenticated users through crafted requests. The vulnerability requires user interaction and allows attackers to modify or delete gallery content with no direct access needed. No patch is currently available for this vulnerability.

CSRF Photo Gallery By 10web
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
EPSS 0% CVSS 7.6
HIGH This Week

Blind SQL injection in the Photo Gallery by 10Web WordPress plugin (versions up to and including 1.8.41) allows high-privileged authenticated users to inject crafted SQL fragments into a vulnerable query, exfiltrate database contents, and affect availability. CVSS 7.6 (Scope:Changed) reflects the cross-component impact possible from a successful injection within the WordPress database context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi Photo Gallery By 10web
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Photo Gallery by 10Web versions up to 1.8.37 contain a cross-site request forgery vulnerability that enables unauthenticated attackers to perform unauthorized actions on behalf of authenticated users through crafted requests. The vulnerability requires user interaction and allows attackers to modify or delete gallery content with no direct access needed. No patch is currently available for this vulnerability.

CSRF Photo Gallery By 10web
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy