Photo gallery
This hub aggregates every CVE we track for Photo gallery, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
66
CVEs tracked
8
Critical
11
High
0
In CISA KEV
Severity distribution
MEDIUM45HIGH11CRITICAL8LOW2
Monthly trend
1
0
0
2
2
1
0
1
2
0
2
0
0
0
0
0
0
0
1
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Photo gallery.
- CVE-2025-69084WordPress Photo Gallery plugin <= 2.7.7.26 - Reflected Cross Site Scripting (XSS) vulnerability7.1
- CVE-2024-8670Photo Gallery by 10Web < 1.8.29 - Admin+ Stored XSS4.8
- CVE-2025-47677WordPress Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery plugin <= 2.7.7.25 - Cross Site Scripting (XSS) Vulnerability6.5
- CVE-2025-0613Photo Gallery < 1.8.34 - Unauthenticated Stored XSS6.1
- CVE-2024-13124Photo Gallery by 10Web < 1.8.33 - Admin+ Stored XSS3.5
- CVE-2025-24707WordPress Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin <= 2.7.7.24 - Reflected Cross Site Scripting (XSS) vulnerability7.1
- CVE-2023-33995WordPress Photo Gallery by 10Web plugin <= 1.8.15 - Broken Access Control vulnerability4.3
- CVE-2024-10704Photo Gallery by 10Web < 1.8.31 - Admin+ Stored XSS4.8
- CVE-2024-9878Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting4.4
- CVE-2024-5968Photo Gallery by 10Web <= 1.8.27 - Admin+ Stored XSS4.8
- CVE-2024-44043WordPress Photo Gallery by 10Web plugin <= 1.8.27 - Cross Site Scripting (XSS) vulnerability5.9
- CVE-2024-37442WordPress Photo Gallery by Ays – Responsive Image Gallery plugin < 5.7.1 - HTML Injection vulnerability3.8
- CVE-2024-35628WordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerability4.3
- CVE-2024-5481Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function6.8
- CVE-2024-5426Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG6.4
Product normalization is registry-driven with AI assist and human review. How it works