N/A
2026-01-21< 1.8.37
Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion
Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Minimum safe version
1.8.39
Update to 1.8.39 or later to address 82 fixable vulnerabilities
Latest available1.8.40 ✓
Medium 4.3
2026-03-13< 1.8.38
CVE-2026-32330
Medium 5.9
2026-02-19< 1.8.39
CVE-2026-27360
Medium 6.1
2025-03-31< 1.8.34
Photo Gallery by 10Web <= 1.8.33 - Unauthenticated Stored Cross-Site Scripting
Medium 6.1
2025-04-11< 1.8.35
Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.34 Reflected Cross-Site Scripting via 'image_id' Parameter
Low 3.5
2025-03-24< 1.8.33
CVE-2024-13124
Medium 4.8
2024-11-29< 1.8.31
CVE-2024-10704
Medium 4.8
2024-11-05< 1.8.31
CVE-2024-9878
Medium 4.8
2025-05-15< 1.8.29
Photo Gallery by 10Web <= 1.8.28 - Authenticated (Administrator+) Stored Cross-Site Scripting
Medium 4.8
2024-10-09< 1.8.28
CVE-2024-5968
Medium 5.9
2024-10-06< 1.8.28
CVE-2024-44043
High 8.8
2024-06-07< 1.8.24
CVE-2024-5481
Medium 5.4
2024-06-07< 1.8.24
CVE-2024-5426
Medium 4.3
2024-06-11< 1.8.26
CVE-2024-35628
Medium 5.3
2024-04-29< 1.8.21
CVE-2024-33586
Medium 6.1
2024-04-18< 1.8.22
CVE-2024-32583
Medium 4.8
2024-04-06< 1.8.22
CVE-2024-2296
Medium 5.4
2024-03-26< 1.8.22
CVE-2024-29833
Medium 6.1
2024-03-26< 1.8.22
CVE-2024-29832
Medium 5.4
2024-03-26< 1.8.22
CVE-2024-29810
Medium 5.4
2024-03-26< 1.8.22
CVE-2024-29809
Medium 5.4
2024-03-26< 1.8.22
CVE-2024-29808
High 7.2
2024-02-05< 1.8.20
CVE-2024-0221
Medium 4.8
2024-12-21< 1.8.19
WordPress Photo Gallery by 10Web Plugin <= 1.8.18 is vulnerable to Cross Site Scripting (XSS)
N/A
< 1.3.36
Photo Gallery by WD <= 1.3.35 - Authenticated SQL Injection
N/A
< 1.3.43
Photo Gallery by WD <= 1.3.42 - Authenticated Path Traversal
N/A
< 1.3.67
Photo Gallery by WD <= 1.3.66 - Cross-Site Scripting (XSS)
N/A
< 1.5.69
Photo Gallery by 10web < 1.5.69 - Reflected Cross-Site Scripting (XSS)
N/A
< 1.5.79
Photo Gallery < 1.5.79 - Stored XSS via Uploaded SVG in Zip
N/A
< 1.7.1
Photo Gallery < 1.7.1 - Reflected Cross-Site Scripting
Medium 4.3
2024-12-13< 1.8.16
CVE-2023-33995
Medium 6.1
2022-11-29< 1.5.69
CVE-2021-31693
Medium 6.1
2023-06-07< 1.5.69
CVE-2021-46889
N/A
2023-06-02< 1.8.16
Photo Gallery <= 1.8.15 - Missing Authorization
N/A
2023-03-21< 1.8.15
Photo Gallery by 10Web <= 1.8.14 - Authenticated (Administrator+) Directory Traversal
High 8.8
2017-08-28< 1.2.6
CVE-2014-9312
N/A
2017-05-02< 1.3.38
Photo Gallery by 10Web <= 1.3.37 - Authenticated SQL Injection
N/A
2017-06-16< 1.3.43
Photo Gallery by 10Web < 1.3.43 - Authenticated Path Traversal
N/A
2017-12-14< 1.3.67
Photo Gallery by 10Web <= 1.3.66 - Cross-Site Scripting
N/A
2021-02-23< 1.5.69
Photo Gallery by 10Web <= 1.5.68 - Cross-Site Scripting
N/A
2021-07-19< 1.5.79
Photo Gallery by 10Web <= 1.5.78 - Stored Cross-Site Scripting via Uploaded SVG
N/A
2022-06-16< 1.6.7
Photo Gallery by 10Web <= 1.6.6 - Reflected Cross-Site Scripting
N/A
2022-06-28< 1.6.8
Photo Gallery by 10Web <= 1.6.7 - Authenticated (Admin+) Stored Cross-Site Scripting
N/A
2022-07-01< 1.6.9
Photo Gallery by 10Web <= 1.6.8 - Authenticated (Admin+) Cross-Site Scripting
N/A
2022-08-10< 1.7.1
Photo Gallery <= 1.7.0 - Reflected Cross-Site Scripting
N/A
2022-11-03< 1.8.1
Photo Gallery by 10Web <= 1.8.0 - Reflected Cross-Site Scripting
N/A
2022-11-26< 1.8.8
Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.7 - Open Redirect
Medium 5.4
2023-04-18< 1.8.3
WordPress Photo Gallery by 10Web Plugin < 1.8.3 is vulnerable to Cross Site Scripting (XSS)
N/A
2022-08-10< 1.7.1
WordPress Photo Gallery plugin <= 1.7.0 - Reflected Cross-Site Scripting (XSS) vulnerability
N/A
2014-05-07< 1.2.42
WordPress Photo Gallery Plugin <= 1.2.41 - Cross Site Request Forgery
N/A
2017-05-05< 1.3.30
WordPress Web-Dorado Gallery plugin 1.3.29 - SQL Injection vulnerability
Medium 4.8
2022-06-06< 1.6.4
CVE-2022-1394
N/A
2018-02-26< 1.3.67
WordPress Photo Gallery by WD plugin <=1.3.66 - Cross-Site Scripting (XSS) vulnerability
N/A
2019-07-26< 1.5.31
WordPress Photo Gallery by 10Web plugin <= 1.5.30 - SQL Injection (SQLi) vulnerability
N/A
2019-09-09< 1.5.35
WordPress Photo Gallery by 10Web plugin <= 1.5.34 - Cross-Site Scripting (XSS) vulnerability
N/A
2020-05-15< 1.5.55
WordPress Photo Gallery by 10Web plugin <= 1.5.54 - Unauthenticated SQL Injection (SQLi) vulnerability
N/A
2021-02-04< 1.5.68
WordPress Photo Gallery by 10Web plugin <= 1.5.67 - Cross-Site Scripting (XSS) vulnerability
N/A
2021-02-18< 1.5.69
WordPress Photo Gallery by 10Web plugin <= 1.5.68 - Cross-Site Scripting (XSS) vulnerability
N/A
2021-05-19< 1.5.74
WordPress Photo Gallery by 10Web plugin <= 1.5.73 - Multiple Reflected Cross-Site Scripting (XSS) vulnerabilities
Medium 6.1
2022-05-02< 1.6.3
CVE-2022-1282
Critical 9.8
2022-05-02< 1.6.3
CVE-2022-1281
N/A
2014-10-10< 1.1.31
CVE-2014-6315
N/A
2015-01-16< 1.2.8
CVE-2015-1055
N/A
2015-02-02< 1.2.11
CVE-2015-1393
High 7.2
2017-08-21< 1.3.51
CVE-2017-12977
Medium 5.4
2018-02-19< 1.2.13
CVE-2015-2324
Critical 9.8
2019-07-30< 1.5.31
CVE-2019-14313
Medium 4.9
2019-08-09< 1.5.25
CVE-2019-14798
Medium 5.4
2019-08-09< 1.5.23
CVE-2019-14797
High 8.8
2019-08-30< 1.2.42
CVE-2015-9380
Critical 9.8
2019-09-09< 1.5.35
WordPress Photo Gallery by 10Web plugin <= 1.5.34 - SQL Injection (SQLi) vulnerability
Medium 6.1
2019-09-08< 1.5.35
CVE-2019-16118
Medium 6.1
2019-09-08< 1.5.35
CVE-2019-16117
Medium 5.4
2020-02-08< 1.2.11
CVE-2015-1394
Medium 4.8
2020-02-25< 1.5.46
CVE-2020-9335
Critical 9.8
2021-03-18< 1.5.55
CVE-2021-24139
Medium 6.1
2021-05-14< 1.5.69
CVE-2021-24291
Medium 4.8
2021-06-01< 1.5.67
CVE-2021-24310
Medium 4.9
2021-08-16< 1.5.79
CVE-2021-24363
Medium 6.1
2021-08-16< 1.5.77
CVE-2021-24362
Medium 6.1
2021-12-06< 1.5.68
CVE-2021-25041
Critical 9.8
2022-03-14< 1.6.0
CVE-2022-0169