CVE-2025-0613

Medium CVSS: 6.1

The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed

Vendor

10web

Product

Photo Gallery

CWE

CWE-79

Yayın Tarihi

2025-03-31 06:15:29

Güncelleme

2025-05-13 13:29:46

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Photo Gallery MEDIUM 10web 2025

Referanslar

https://wpscan.com/vulnerability/22be2b44-cd42-4b02-8448-59dd2989dde1/

Benzer Kayıtlar

Critical

CVE-2025-13377

The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbit…

Medium

CVE-2024-8670

The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which coul…

Medium

CVE-2024-13053

The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could…

Medium

CVE-2024-10680

The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could…

Medium

CVE-2024-10565

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow…

Medium

CVE-2024-10566

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow…