Photo gallery by 10web – mobile-friendly image gallery
This hub aggregates every CVE we track for Photo gallery by 10web – mobile-friendly image gallery, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
12
CVEs tracked
1
Critical
0
High
0
In CISA KEV
Severity distribution
MEDIUM11CRITICAL1
Monthly trend
0
0
0
0
1
0
0
0
0
1
0
0
0
0
0
0
0
0
1
0
0
0
1
1
2024-072026-06
Latest CVEs
The 12 most recently published vulnerabilities affecting Photo gallery by 10web – mobile-friendly image gallery.
- CVE-2026-9829Photo Gallery by 10Web <= 1.8.41 - Authenticated (Contributor+) SQL Injection via 'compact_album_order_by' Shortcode Parameter6.5
- CVE-2026-7048Photo Gallery by 10Web <= 1.8.40 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute6.5
- CVE-2026-1036Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion5.3
- CVE-2025-2269Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.34 Reflected Cross-Site Scripting via 'image_id' Parameter6.1
- CVE-2024-9878Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting4.4
- CVE-2024-5481Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function6.8
- CVE-2024-5426Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG6.4
- CVE-2024-2296Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG5.5
- CVE-2024-0221Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename9.1
- CVE-2023-6924Photo Gallery by 10Web <= 1.8.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Widget4.4
- CVE-2021-24310Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title4.8
- CVE-2021-24291Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)6.1
Product normalization is registry-driven with AI assist and human review. How it works